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Preface 


This guide contains instructions on how to install, configure, and 
manage an AT-WL2411 Wireless Access Point. 


Purpose of This Guide 


This guide is intended for network administrators who are responsible 
for managing the wireless access point. Network administrators should 
be familiar with Ethernet and Fast Ethernet technology. 


Document Conventions 


This guide uses several conventions that you should become familiar 
with before you begin to perform the procedures. 


Note 
Notes provide additional information. 


Caution 
Cautions inform you that performing or omitting a specific action 
may result in equipment damage or loss of data. 


Warning 
Warnings inform you that performing or omitting a specific action 
may result in bodily injury. 


Where to Find Related Guides 


The Allied Telesyn web site at www.alliedtelesyn.com contains the most 


recent documentation for all of our products. All web-based 
documentation for this product and other Allied Telesyn products can 
be downloaded from the web site in PDF format. 


Contacting Allied Telesyn 


Online Support 


Technical 
Support and 
Services 


Technical 
Support E-mail 
Addresses 


You can contact Allied Telesyn technical support by telephone, fax and 
e-mail. You can also contact technical support online through our web 


site. 


You can request technical support online by filling out the Online 


Technical Support Form at www.alliedtelesyn.com/forms/support.htm. 


Americas 

United States, Canada, Mexico, 
Central America, South America 
Tel: 1(800) 428-4835, option 4 
Fax: 1 (425) 481-3790 


Asia 

Singapore, Taiwan, Thailand, Malaysia, 
Indonesia, Korea, Philippines, China, 
India, Hong Kong 

Tel: (+65) 3815-612 

Fax: (+65) 3833-830 


Australia 

Australia, New Zealand 
Tel: 1(800) 000-880 

Fax: (+61) 2-9438-4966 


France 

France, Belgium, Luxembourg, 
The Netherlands, Middle East, 
Africa 

Tel: (+33) 0-1-60-92-15-25 
Fax: (+33) 0-1-69-28-37-49 


United States and Canada 
TS1@alliedtelesyn.com 


Germany 

Germany, Switzerland, Austria, Eastern 
Europe 

Tel: (+49) 30-435-900-126 

Fax: (+49) 30-435-70-650 


Italy 

Italy, Spain, Portugal, Greece, Turkey, Israel 
Tel: (+39) 02-41-30-41 

Fax: (+39) 02-41-30-42-00 


Japan 
Tel: (+81) 3-3443-5640 
Fax: (+81) 3-3443-2443 


United Kingdom 

United Kingdom, Denmark, Norway, 
Sweden, Finland 

Tel: (+44) 1-235-442500 

Fax: (+44) 1-235-442680 


Latin America, Mexico, Puerto Rico, Caribbean, and Virgin Islands 


latin america@alliedtelesyn.com 


Returning Products 
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Products for return or repair must first be assigned a Return Materials 
Authorization (RMA) number. A product sent to Allied Telesyn without a 
RMA number will be returned to the sender at the sender's expense. 


To obtain an RMA number, contact Allied Telesyn’s Technical Support at 
one of the following locations: 


Q 


United States and Canada 
Toll-free: 1-800-428-4835, option 4 
Fax: 1-503-639-3716 


Europe, Africa, and Middle East 
Tel: +44-1793-501401 
Fax: +44-1793-431099 


Latin America, Caribbean, and Virgin Islands 
Tel: International code + 425-481-3852 
Fax: International code + 425-481-3895 


Puerto Rico 
Tel: 1-800-424-5012, ext. 3852 or 
Tel: 1-800-424-4284, ext. 3852 


Mexico 
Tel: 800-424-5012, ext. 3852 
Fax: International code + 425-481-3895 


Asia and Southeast Asia 
Tel: +65 381-5612 
Fax: +65 383-3830 


Australia 
Tel: 1-800-000-880 
Fax: 2-9438-4966 


New Zealand 
Tel: 0800-45-5782 


FIP Server 


If you need anew version of management software for an Allied Telesyn 
managed device and you know the file name of the program, you can 
download the software by connecting directly to our FTP server at 
ftp.alliedtelesyn.com. To login, enter ‘anonymous’ for the user name and 
your e-mail address for the password. 


For Sales or Corporate Information 


Allied Telesyn International, Corp. Allied Telesyn International, Corp. 
19800 North Creek Parkway, Suite 200 960 Stewart Drive, Suite B 
Bothell, WA 98011 Sunnyvale, CA 94085 
Tel: 1(425) 487-8880 Tel: 1(800) 424-4284 (USA and Canada) 
Fax: 1(425) 489-9191 Fax: 1(408) 736-0100 

Tell Us What You Think 


If you have any comments or suggestions on how we might improve this 
or other Allied Telesyn documents, please fill out the Send Us Feedback 
Form at www.alliedtelesyn.com/contact/feedbackf.asp. 


Chapter 1 


Getting Started 


The chapter introduces and explains the AT-WL2411 wireless access 
point. 


Understanding the AT-WL2411 Universal Access Point 


The AT-WL2411 Universal Access Point (UAP) is a high-performance, 
wireless local area network (LAN) access points. The UAP is designed to 
be powerful and easy to use, and each can be configured as an access 
point or as a point-to-point bridge. The access point attaches to a wired 
network and provides wireless network access for end devices. A point- 
to-point bridge connects two wired LANs and is often used to provide 
wireless communications in locations where running cable is difficult, 
such as across roads or between buildings. 


Note 
This manual supports the 1.50 Enterprise software for the AT- 
WL2411 access point. 


The AT-W1L2411 UAP 


The AT-WL2411 access point accommodates one 802.11b HR radio. The 
AT-WL2411 can only be configured as a standard access point. 


Note 

The AT-WL2411 with an 802.11b HR radio installed is Wi-Fi™ 
certified for interoperability with other 802.11b HR wireless LAN 
devices. 


The AT-WL2411 ships with these items: 
QO Power supply and AC power cord 
OY Mounting bracket 


UO Safety information 


OW Antenna 


Caution 
You must use the appropriate Allied Telesyn power supply with this 
device or equipment damage may occur. 


Understanding = The following illustration identifies the four LEDs on the AT-WL2411. 
the AT-WL2411 
Wired 
LEDs — |\\ CaN 
Radio 
Power Root/error 


Figure 1 System LEDs 
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The following describes the LEDs on the AT-WL2411. 


LED Description 
Power Remains on when power is applied. 
Radio Flashes when a frame is transmitted or received 


on the radio port. 


Wired LAN Flashes when a frame is transmitted or received 
on the Ethernet port. 
Root/error Flashes if this device is configured as the root. 


May also remain on if an error is detected. 


Understanding The following illustration identifies the ports on the AT-WL2411. 
the AT-W12411 - 


Ports — . 


i 
mal Ee 


10BaseT Serial Power 
Ethernet port port port 


Figure 2 System Ports 


The following describes the ports on the AT-WL2411. 


Port Description 

Power port Used with an appropriate power cable, the power 
port connects the access point to an AC power 
source. 

Serial port Used with a null-modem cable, the serial port 


connects the access point to a terminal or PC to 
perform initial configuration. 


10BaseT port Used with an appropriate cable, the 10BaseT port 
connects the access point to your Ethernet 
network. 


Configuring the AT-WL2411 UAP 


Although the AT-WL2411 UAP will work directly out of the box, you must 
assign it an IP address and define other basic parameters before you can 
manage it remotely. To perform these initial configurations, you must 
use aserial connection and a terminal ora communications program 
(such as HyperTerminal). This manual assumes that you are using a 
communications program for your initial configuration and performing 
all other configurations remotely using the Web interface. 


To perform a basic configuration of the AT-WL2411 using the default 
settings, you need the following: 


OV An RS-232 null-modem cable. 


OY Aterminal or PC with an open serial port. 
To configure the AT-WL2411: 


1. Use the RS-232 null-modem cable to connect the serial port on the 
UAP to aserial port on your PC. 


2. Open your communications program and configure the serial 
communications parameters on your PC to: 


Baud 9600 
Data bits 8 
Parity no 
Stop bit 1 


Flow control no 


3. Connect the power cable to the UAP and to apower source. The UAPs 
have no On/Off switch, so each UAP boots as soon as you apply 
power. 
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4, Press Enter when the message "Starting system" appears on your PC 
screen. The login screen appears. 


® 115200 - HyperTerminal _. {Of x| 
File Edit View Call Transfer Help 


UAP Monitor U4.07 February 23, 2661 
2411 Platform 
<Press any key within 5 seconds to enter the UAP monitor> 


Executing file UAP.PRG from segment 2. 


UAP U4.68 March 23, 2661 
Starting system 


Access Point Configuration 


D 
Serial: 35616680002 


Username: atilan 
Password: _ 


[Connected 2:48:19 Auto detect [1152008N-1 [SCROLL [CAPS [NUM [Capture — [Print echo 


Figure 3 Login Screen 


5. Typethe default username ATILAN and press Enter, and then type the 
default password ATILAN and press Enter. The Configuration menu 


appears. 
® 115200 - HyperTerminal |. (O} x| 
File Edit View Call Transfer Help 


Dis} e|3| ad 


A e Poin o igura 
CICP/IP Settings] 
CIEEE 862.11B Radiol 
[Spanning Tree Settings] 
CEthernet ] 

CIP Tunnels] 
[Network Management ] 
[Passwords ] 
[Maintenance] 

Save Configuration 
Reboot 


(Connected 2:47:05 (Auto detect = [1152008-N-1 [SCROLL [CAPS [NUM [Capture | Print echo 


Figure 4 Configuration Menu 


6. To use DHCP to automatically assign an IP address, configure the 
following parameters in the TCP/IP Settings menu: 


DHCP Mode Set to <Enabled, if IP Address is zero>. 


DHCP Server Name The name of the DHCP server that the AT- 
WL2411 is to access for automatic address 
assignment. If no server name is specified, 
the AT-WL2411 responds to offers from any 
server. 


To assign an IP address manually, configure these parameters in 
the TCP/IP Settings menu: 


IP Address A unique IP address. 


IP Subnet Mask The subnet mask that matches the other 
devices in your network. 


IP Router (Gateway) The address of the router that will forward 
frames if the AT-WL2411 will communicate 
with devices on a subnetwork. 
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7. Ifyou are configuring aAT-WL2411, you must configure Node Type in 
the Wireless Bridging menu in the 802.11b Radio menu. Configure 
Node Type as Master if this radio will communicate with end devices; 
configure it as Station if you are configuring a WAP and this radio will 
communicate with a UAP on the wired network. For more 
information, see Configuring Node Type on page 69. 


8. Save the configuration. 
9. Disconnect the null-modem and power cables. 
For optimal performance, you may need to set additional parameters. 


For more information, see Chapter 3, Managing the AT-WL2411 
Remotely on page 35. 


You are now ready to install the AT-WL2411 in your network. See 
General Installation Guidelines on page 26. 


Chapter 2 


Installing the AT-W12411 UAP 


This chapter explains how the AT-WL2411 functions in a network and 
how to install the AT-WL2411 UAP. This chapter also explains bridging 
and how to establish a Web browser session. 


Using the AT-W12411 UAP in a Wireless Network 


In general, the AT-WL2411 UAP forwards data between end devices and 
the wired network. The AT-WL2411 accommodates one radio. Use the 
AT-WL2411 when you do not need mixed radios or the AT-WL2411 is 
configured as a station at the remote end of a wireless hop to a 
secondary LAN. 


The AT-WL2411 UAP supports a variety of network configurations. These 
configurations are explained in this section. 


Using a UAPina _ Youcan use the UAP to extend your existing Ethernet network to 
Simple Wireless include wireless nodes. The UAP connects directly to your wired 
Network network, and the end devices form a network that functions as a wireless 
extension of the wired LAN. 
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In asimple wireless network, a single UAP on the wired network serves 
as a transparent bridge between the wired network and end devices. 
The end devices communicate exclusively with devices on the wired 
network; they do not communicate with other end devices. 


Using Multiple — Forlarger or more complex environments, you can install multiple UAPs 
UAPs and 80 end devices can roam from one UAP to another. Multiple UAPs 
‘ establish coverage areas or cells similar to those of a cellular telephone 
Roaming End network. End devices can connect with any UAP that is within range and 


Devices — pejongs to the same network. 
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Using UAPs to 
Bridge Between 
Wired LANs 


With the UAP multichannel architecture, you can have more than one 
UAP within the same cell area to increase throughput. In addition, 
overlapping radio coverage cells offer redundancy for critical 
applications so that coverage is not lost if a single UAP or radio fails. 


Ethernet 


You can use UAPSs to create a wireless or point-to-point bridge between 
two LANs. You can have a UAP wired to a network in one building and 
have asecond UAP wired to anetwork in another building. Wired clients 
in both buildings can then communicate with each other over the 
wireless bridge created by the UAPs. This configuration is useful in a 
campus environment where pavement or other objects prevent 
installation of a wired link. For information about configuring UAPs for 
point-to-point bridging, see Chapter 4, "Configuring the Radios." 


Using UAPs to Bridge Between Wired LANs 


Ethernet Ethernet 
Host Host 
— —— —z — 
oN 
it al Uae UAP = 
| | 
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Understanding Bridging and the UAP Ports 


The UAPs consist of a group of multiport Ethernet-to-wireless bridges. 
The UAPs support IP for installations where wireless end devices roam 
across IP router subnets. Unlike the Ethernet and radio ports, the IP port 
does not have its own output connector. Instead, it is a logical port that 
provides Generic Router Encapsulation (GRE) for data that requires 
tunneling through routers. The IP port forwards encapsulated data 
through the Ethernet and radio ports as required to reach the intended 
end device. 


The following illustration shows the general architecture of the AT- 
WL2411. 


Management and Configuration Multiport Bridge 


SNMP 
TCPIIP 
TFTP | HTTP 


File Configuration 
System Settings 


Configuration Port 


Forwarding | Spanning Wireless ARP 
Database Tree Server 


RS-232 Connector Ethernet Antenna 
Connector Connectors 
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End devices operate similarly to Ethernet products; therefore, all of your 
existing Ethernet applications will work with the wireless network 
without any special networking software. Some of the significant 
functions supported at the bridging layer are explained in the Bridging 
Layer Functions Table. 


Function 


Explanation 


Network 
Organization 


UAPs automatically configure into a self-organized 
network using a spanning tree topology. As devices 
are added to or removed from the network, the UAPs 
automatically reconfigure to maintain reliable 
operation. The spanning tree provides efficient, loop- 
free forwarding of frames through the network and 
allows rapid roaming of end devices. 


The root UAP initiates the spanning tree. The root 
coordinates the network and distributes common 
system parameters to other UAPs and end devices. 
The root is elected from a group of UAPs that are 
designated as root candidates at the time of 
installation. The election process also occurs in the 
event of a root failure. You can configure your 
network with overlapping coverage so that the 
network automatically recovers from any single 
point of failure. 


End devices can optionally participate in the 
spanning tree protocol by explicitly attaching to the 
network. As aresult, operational parameters are 
easily distributed, unicast flooding is reduced or 
eliminated, and roaming hands-off logic is more 
robust. 


Forwarding 


The UAP maintains a forwarding database of all 
physical station addresses, and it knows the correct 
port for each address. The UAP updates this database 
by monitoring source addresses on each port 
(backward leaning), by receiving explicit attachment 
messages, and by examining messages exchanged 
between UAPs when end devices roam. The 
database also includes the power management 
status of each end device, which allows the UAP to 
support the pending message feature of the 
network. The forwarding database allows the 
bridging software to make efficient forwarding 
decisions. 
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Function 


Explanation 


Switch Support 


Ethernet switches that do not comply with the 
802.1D standard have difficulty handling end devices 
that roam between different switched segments. The 
UAP provides data link tunneling for switches that do 
not handle roaming. Using data link tunneling, 
frames for a given end device always appear on the 
root UAP’s switched segment, regardless of roaming, 
and the switch’s routing tables remain stable. 


Flooding 
Configurations 


When the destination address is unknown, standard 
LAN bridges flood frames on all ports. Most end 
devices supported by the UAP operate at lower 
speeds than Ethernet; therefore, indiscriminate 
flooding from a busy Ethernet backbone to an end 
device can consume a substantial portion of the 
available wireless bandwidth and reduce system 
performance. The UAP allows you to set flooding 
control options for both unicast and multicast frames 
to free up bandwidth and improve system 
performance. For more information, see 
Configuring Global Flooding on page 51. 


Pending 
Messages 


End devices may use power management to 
maintain battery life. These devices wake up 
periodically to receive frames that arrived while their 
radio was powered down. The bridging software in 
the UAP provides a pending message delivery 
service that allows frames to be held until the end 
device is ready to receive them. 


Filtering Options 


The UAP incorporates extensive filtering capabilities. 
Basic filters allow you to filter on DIX type, protocol 
port, socket, or SAP. Advanced filters let you create 
and group filters based on data patterns that you 
define. For more information, see Chapter 5, 
"Configuring Filters and Tunnels." 
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Configuring 
Ethernet 
Bridging 


Configuring 
Secondary LAN 
Bridge Priority 


Ethernet bridging determines how wireless frames are converted to 
Ethernet frames and vice versa. With Ethernet bridging enabled, frames 
are forwarded directly to the Ethernet network. With Ethernet bridging 
disabled, data link tunneling occurs; that is, the UAP forwards frames on 
the Ethernet link encapsulated in data frames. Data link tunnels can be 
used to make roaming transparent to LAN protocols that are not 
designed to accommodate roaming; for instance, LANE does not 
accommodate roaming between Ethernet segments that are attached 
to LANE ATM/Ethernet bridges. If your network contains LANE 
ATM/Ethernet bridges or switches that do not support backward 
learning, you may need to set Ethernet bridging to Enabled on the root 
UAP and to Disabled on all other UAPs. 


Note 
Ethernet bridging is automatically set to Enabled on the root UAP 
even if you set it to Disabled. 


To configure Ethernet bridging, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Spanning Tree Settings. The Spanning Tree Settings screen 
appears. 


3. Click the Ethernet Bridging down arrow and choose Enabled or 
Disabled. When you are finished, click Submit Changes to save your 
changes. 


A secondary Ethernet LAN can be bridging or non-bridging. A bridging 
secondary Ethernet LAN 


OQ interconnects UAPs. 


UO provides a wireless connection for wired Ethernet hosts. 


QO hasa UAP that is the designated bridge to the primary LAN. 


A non-bridging secondary LAN interconnects UAPs but has no 
designated bridge. 


The UAP with the highest Secondary LAN Bridge Priority becomes the 
designated bridge whenever it is powered on and connected to the 
secondary LAN if it is within range of aUAP on the primary LAN. The 
Secondary LAN bridging option only appears if you have a Secondary 
LAN Bridge Priority. If you have wired hosts on the secondary LAN, you 
must enable bridging to the secondary LAN. 
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You should enable bridging on a secondary LAN unless the inbound 
path is through an IP tunnel or through a bridge or switch that does not 
support roaming. Bridges and switches that adhere to the IEEE 802.1D 
standard support roaming. Some proprietary VLAN switches and ATM 
LANE bridges do not support roaming. 


If two UAPs have the same Secondary LAN Bridge Priority, the UAP with 
the highest Ethernet address becomes the designated bridge. If the 
current designated bridge goes offline, the remaining candidates 
negotiate to determine which UAP becomes the new designated bridge. 


If a UAP has the highest bridge priority on the secondary LAN but is not 
in the radio coverage area of a UAP on the primary LAN, it cannot 
become the designated bridge. In this case, a UAP with a lower bridge 
priority becomes the designated bridge. 


A Secondary LAN Bridge Priority of zero prohibits the UAP from 
becoming the designated bridge. If all UAPs connected to a secondary 
LAN have a bridge priority of zero, then anon-bridging secondary LAN 
exists and bridging to the secondary LAN is automatically disabled. 


Note 

If a switch fails, the spanning tree protocol can automatically bridge 
around the failed switch with a wireless link; however, if your 
installation has switches that use a proprietary configuration 
protocol, you may not want to bridge around the switches. Set the 
Secondary LAN Bridge Priority to zero in this case. 


To configure secondary LAN bridge priority, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Spanning Tree Settings. The Spanning Tree Settings screen 
appears. 


3. Set the Secondary LAN Bridge Priority parameter to a value greater 
than zero. When you are finished, click Submit Changes to save your 
changes. 


General Installation Guidelines 
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Decreasing 
Interference 


Allied Telesyn recommends that you have Allied Telesyn or other 
certified providers conduct a site survey to determine the ideal locations 
for all of your network components. A proper site survey requires special 
equipment and training. 


The following general practices should be followed in any installation: 


UO) Locate UAPs centrally within areas requiring coverage. 
OY Overlap UAP coverage areas to avoid coverage holes. 


QO Try to position the UAP so its LEDs are visible. The LEDs are useful 
for troubleshooting. 


Q Install wired LAN cabling within node limit and cable length 
limitations. 


QO Usean uninterruptible power supply when the AC power system 
is not reliable. 


For information about antenna placement and accessories, see 
Appendix C, "Using External Antennas." 


Microwave ovens operate in the same frequency band asthe 802.11b HR 
radio; therefore, if you use a microwave within range of your Allied 
Telesyn RF network, you may notice network performance degradation. 
Both your microwave and your RF network will continue to function, but 
you may want to consider relocating your microwave out of range of 
your UAP. 


The UAP features an advanced configuration parameter for the 802.11b 
HR radio called microwave oven robustness. You can enable this 
parameter to minimize potential interference between your microwave 
oven and your RF network. 


Access points configured for the frequency in the same coverage area 
may interfere with each other and decrease throughput. You can reduce 
the chance of interference by configuring your UAPs so they are 
configured 5 channels apart, such as Channels 1, 6, and 11. For more 
information about microwave oven robustness, see Configuring 
Advanced 802.11b HR Radio Parameters on page 62. 
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General Steps to _ Follow these steps to install the UAP in your network. 
Installing the 


AT-W12411 UAP 1. Mount the UAP. 


2. Connect the UAP to the Ethernet network (unless you are using itasa 
wireless UAP) and power source. 


Installing the You can install the AT-WL2411 horizontally on a desk or counter, or you 
AT-WL2411 UAP can install it vertically to a wall using the wall bracket that ships with it. 
Follow the instructions that ship with the bracket and UAP. An optional 
cubicle bracket is also available for mounting the AT-WL2411 ona 
cubicle wall. 


Mounting the AT-WL2411 


The following instructions explain how to mount the AT-WL2411 using 
the mounting bracket that ships with it. 


Install the mounting bracket and AT-WL2411 on asturdy surface in 
accordance with local building codes. You need the following tools and 
materials to install the bracket: 


LO) Two # orM3 screws. The screws should be appropriate for the 
surface on which you are mounting the bracket. 


OQ Drill and drill bit appropriate for the mounting screws 


QO Screwdriver 
To mount the AT-WL2411, do the following: 


1. Use the mounting bracket as atemplate to mark the location of the 
mounting holes on the mounting surface. 


2. Drill the mounting holes. 
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3. Position the bracket on the mounting surface. 


Mounting 


a AT- \ 1 
dh ea 7) 
acl Screw LA 
| om (2 a 
(2 places) 
& Slot 
(2 places) 
a ae) 
~S 


4. Using the screws you provided, secure the bracket to the wall. 


5. Fitthe slots on the back of the AT-WL2411 over the hooks on the 
mounting bracket. 


6. Slide the AT-WL2411 up slightly, and then press the base of the AT- 
WL2411 until it clicks into the clip at the bottom of the mounting 
bracket. 


Positioning the Antenna 


The AT-WL2411 features a built-in antenna that rotates 180° as shown in 
the next illustration. Use the following guidelines when positioning the 
antenna. 


UO Place the antenna at 0° when storing the AT-WL2411. 


UO Placethe antenna at 90° when using the AT-WL2411 horizontally; 
for instance, when the AT-WL2411 is positioned on a desk or 
counter. 
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Q) Place the antenna at 180° when using the AT-WL2411 vertically; 
forinstance, when the AT-WL2411 is mounted on a wall or cubicle. 


Note 
Do not force the antenna past the hard stop at 0° or 180° or you may 
break the antenna connector. 


Attaching an External Antenna 


You can attach an external antenna to the AT-WL2411. To attach an 
external antenna, you must disconnect the built-in antenna and attach 
an antenna cable directly to the radio card in the UAP. The following 
steps explain how to attach an antenna cable to the AT-WL2411. 


For more information about antenna options, contact your local Allied 
Telesyn representative. 


To attach an external antenna to the AT-WL2411, do the following: 


1. Remove the radio card door. 
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2. Pull straight up on the antenna wire to disconnect it from the radio 


Door 
Antenna 


card. 


3. Tuck the antenna wire inside the UAP housing. 
4, Remove the punch-out tab from the door. 


Punch-out 
tab 


Pliers 


5. Attach the antenna cable to the radio by inserting the cable 
connector into the radio card. 


6. Replace the door. 
Connecting the AT-WL2411 


Unless you are using the UAP as a wireless UAP, you must connect the 
UAP to your Ethernet network using a 10BaseT Ethernet connector. 


To connect the AT-WL2411, do the following: 


1. Attach one end of the 10BaseT cable to the 10BaseT port on the UAP, 
and attach the other end to your Ethernet network. 
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2. Plug one end of the power cord into the power port on the UAP, and 
plug the other end into an AC power outlet. The AT-WL2411 has no 
On/Off switch, so it boots as soon as you apply power. 


Your AT-WL2411 is now ready to begin transmitting data packets 
between your end devices and your wired network. 
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Establishing a Web Browser Session 
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After you have configured the IP address and other basic network 
parameters, you can access your UAP from a remote location. 


Note 

Although you can manage the device remotely using either a Telnet 
session ora Web browser, this manual assumes you are using a Web 
browser. 


You must know the IP address of the UAP to access it remotely. If a DHCP 
server assigned the IP address, you must determine the IP address from 
the DHCP server. 


Only one session can be active with the UAP at a time. If your session 
terminates abruptly or a new signon screen appears, someone else may 
have accessed the UAP. 


To access the UAP remotely, you must first establish a Web browser 
session. When using the Web to establish remote access to your UAP, 
keep the following points in mind: 


O Yoursession terminates if you do not use it for 15 minutes. 


OY Console Command mode is not available. 


The Web browser interface for the UAP has been tested using Netscape 
v3.0 and higher and Internet Explorer v3.0 and higher. Remotely 
accessing the UAP using other browsers may provide unpredictable 
results. 


Note 

If you access the Internet using a proxy server, you must add the IP 
address of the UAP to your Exceptions list. The Exceptions list 
contains the addresses that you do not want to use with a proxy 
server. 


To establish a Web browser session with the UAP, do the following: 


1. Identify the IP address of the UAP. 
2. Start the Web browser application. 
3. Access the UAP using one of these methods: 


QO) Inthe Address field, enter the IP address of the UAP, and press 
Enter. 
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QO) Choose Open from the File menu. In the Open field, enter the IP 
address of the UAP and press Enter. 


The Universal Access Point Login screen appears. 


Access Point Login - Microsoft Internet Explorer - (Oj x} 
| File Edit ‘View Favorites Tools Help | 


| ebak ~ > ~ & Z| search GyFavorites CSristory | E4~ Sp 
| Address je) http:{/149.35.50.2/pubjlogin, htm >| @Go || Links = 


MVE Allied Telesyn 


Simply connecting the @® world 


Access Point Login 


Username: I 


Password: 


Once you enter the correct user name and/or password, you will be logged in to this access point's configuration 
menus. If fifteen minutes elapse without activity after you have been logged in, you will be logged out. 


Only one computer at a time can access the menus. If you unexpectedly receive a request for user name and 
password, another user may be attempting to wew or modify the configuration via Telnet or the serial port. Any 
attempt to start another HTTP session from another computer is refused until you have logged out of your session. 


Licensed from the copyright ovmur by Allied Telesyn Intemational, Copyright 2001 Intenmec. All Rights Reserved. 


i” 
ié] Done | | 


| Internet Ui 


Figure 5 Universal Access Point Login Screen 


4. Type ATILAN in both the Username and Password fields. You can 
change the user name and password after you have established your 


remote session. For help, see Changing the User Name and 
Password on page 35. 
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5. Click Login. The TCP/IP Settings screen appears. 


4 Access Point Configuration - Microsoft Internet Explorer - (5) x| 


File Edit View Favorites Tools Help El 


| 


| 
| Back ~ => ~ & [2] Gb) Asearch (yFavorites C4Huistory | E4~ Sp 
U 


Address je] http: //149.35,50.2/pub/welcome.htm >| @Go || Links . 


MV. Allied Telesyn Access Point Configuration 


Simply connecting the world 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
TCP/IP Settings’ 


Submit Changes 


AP Configuratior 


[Z)TCPAP Settings 
GSIEEE 802.11B Rac 
EaSpanning Tree Sett 
EgEthernet 


IP Address [149.35.50.2 
IP Subnet Mask [255.255.255.0 
IP Router (Gateway) [149.35.50.1 


eet IP Frame Type DIX = 
Uv etwork Nlanagerr 
EaPasswords huto ARP Minutes 5 | 


ARP Server Mode [Disabled 7| 
DHCP Mode [Use DHCP if IP Address is Zero 7| 
DHCP Server Name 


EsMaintenance 


4 
\@] Done | | | Internet 


Figure 6 TCP/IP Settings Screen 


Your Web browser session is established. 


Chapter 3 


Managing the AT-WL2411 
Remotely 


This chapter explains how to configure and manage the AT-WL2411 
remotely using a Web browser. 


Configuring the AT-WL2411 Universal Access Point 
Parameters 


The UAP interface uses common menus to accomplish common tasks. 
The following sections explain those common tasks. 


Changing the _ To ensure security to your UAP, you can make changes to your UAP 
User Name and _ security parameters after you establish a Web browser session. 


Password +5 change the user name and password, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Passwords. The Passwords screen appears. 


“4 Access Point Configuration - Microsoft Internet Explorer - (Oj x} 


| File Edit ‘Yiew Favorites Tools Help Ea 
| <Back > => » & [2] G}| Qsearch GyFavorites C4Snistory | EX~ Sp 


| Address é) http:/149.35.50,2/pub} 7| Go {Links uy 
~ Allied Telesyn 


Simply connecting the world 


Access Point Configuration 


Passwords’ 


Submit Changes 


AP Configuration 
[2)TCPAP Settings 


GSHIEEE 802.11B Radio 
GaSpanning Tree Settings 
Ethernet 


User Name 
Password 


Read Only Password 


GSP Tunnels 
GaNetwork Management 
a Passwords 
GIRADIUS Client 
|JRADIUS Server 
GaMaintenance 


[Enabled | 
[Enabled >| 
[Enabled >| 
[Enabled >| 


Service Password 
Telnet Access 
Browser Access 


SNMP dccess 


'@ Internet 


Figure 7 Passwords Screen 


3. Type auser name in the User Name field and a password in the 
Password field. The User Name and Password can be 0 to 16 
characters long. When you are finished, click Submit Changes to save 
your changes. The new user name and password are saved, and you 
must enter these new values each time you establish a Web session 
for this UAP. 
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This table explains the Password parameters. 


Parameter Description 
Read Only Gives read only access to the UAP. If you sign in with 
Password the read only password, you are able to view the 


configuration and execute diagnostics, but you 
cannot take any action that affects the operation of 
the access point such as changing configuration 
options, rebooting, or downloading software. Delete 
the password to disable it. 


Service Gives read only access to the UAP. For information on 
Password activating the UAP using the service password, see 
the next section, "Logging In Using the Service 
Password." To disable this password, click the Service 
Password down arrow and choose Disabled. 


Telnet Access Enables/disables the ability to Telnet to the access 
point. 


Browser Access |Enables/disables the ability to Browse to the access 
point. 


SNMP Access Enables/disables SNMP access. 


Understanding RADIUS Support 


You can use RADIUS (Remote Authorization Dial-In User Services) to 
authorize configuration users. When you enter a user name and 
password when RADIUS is enabled, the User Name and Password is sent 
to a RADIUS server for authentication. If the server returns an access- 
accept packet, you are logged into the access point with read/write 
privileges. 


If no RADIUS server is available when the RADIUS client is enabled, the 
RADIUS client times out on RADIUS access requests. In this case, because 
the Service password is checked after the read/write password, each 
failed Service Password login attempt may take up to eight seconds. 
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RADIUS Server 


You can also configure the access point to act as a RADIUS server for 
itself and other access points. You can enter up to 70 
username/passwords into the UAP RADIUS server database. 


To configure the RADIUS server, do the following: 
1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
32. 


2. Click Passwords, and then click RADIUS Server. The RADIUS Server 
screen appears. 


“4 Access Point Configuration - Microsoft Internet Explorer Z - (Oj x] 


| File Edit View Favorites Tools Help Ea 


| Back > => ~ & [2] G}| QSearch yFavorites CBHistoy | ES~ Sp @ 


| Address (#] http://149.35.50.15/pub/welcome. htm >| @Go | Links >> 


~ Allied Telesyn 


Simply connecting the (P) world 


Access Point Configuration 


Submit Changes 
AP Configuration |— 


Geass Radic Server [Disebled =] 
EaSpanning Tree Settin; 
aEthernet 
ESP Tunnels 
EaNetwork Manageme: 
‘a Passwords 
EIRADIUS Client 
|)JRADIUS Server 
EsMaintenance 


[| {A Internet 


Figure 8 RADIUS Server Screen 
3. Click the Server down arrow and choose Enabled or Disabled. When 
you are finished, click Submit Changes to save your changes. 


4. Inthe RADIUS Server you must enter in the secret key that is going to 
authenticate RADIUS clients. 


5. Inthe RADIUS Server you must enter User Name and Password that 
are going to be used by the RADIUS Clients. 
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RADIUS Client 


Use the RADIUS client to administer passwords for all access points at a 
central location (a RADIUS server). When you enable the RADIUS client, 
the normal passwords for the access point are disabled. The username 
and password information that you enter is sent to the RADIUS server; 
the RADIUS server then validates them and returns a response to the 
access point indicating whether or not the user should be logged in. 


For example, when a user without access attempts to log in with the 
username "apusername" and the password "“appassword," the access 
point sends "apusername, appassword wants to log in" to the RADIUS 
server. The RADIUS server looks up "apusername, appassword" in its 
database and doesn't find it. The RADIUS server tells the access point not 
to let that user in, and the access point prompts the user for another 
username and password. 


When auser with access attempts to log in with the username 
"apusername" and the password "appassword," however, the access 
point sends "apusername, appassword wants to log in" to the RADIUS 
server. The RADIUS server looks up and finds "apusername, appassword" 
in its database and sends "let this user have access, they are approved" 
back to the access point. The access point then logs the user in. 


To configure the RADIUS Client, do the following: 
1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
32. 
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2. Click Passwords, and then click RADIUS Client. The RADIUS Client 
screen appears. 


“4 Access Point Configuration - Microsoft Internet Explorer a - (5) x| 
| File Edit View Favorites Tools Help Ea 
Back ~ => ~ & [2] @| QSearch (qFavorites <BHistoy | E4~ & Q 


| Address le) http://149.35.50.15/pub/welcame. htm | @Go | Links >? 
~ Allied Telesyn 


Simply connecting the world 


Access Point Configuration 


Passwords /RADIUS Client / 


Submit Changes 


[2)TCPAP Settings 
GQIEEE 802.11B Ra 
EaSpanning Tree Set 
EgEthernet 

ESP Tunnels 


GaNetwork Manager 
‘aa Passwords 


‘a RADIUS Che: 
Server 1 
Server 2 

[E)RADIUS Ser 


GaMaintenance = 
>| 


Configuration Access [Disabled >| 


Figure 9 RADIUS Client Screen 


3. Set Configuration access to enabled. 


4. Configure the Servers. There is a Primary Server (Server 1) and a 
Secondary Server (Server 2). The Primary server will always be sent 
the Authentication first. If the Primary Server is not on the network, 
the Authentication request will then go to the Secondary Server. 


You must enter in the IP Address of the server you want to 
authenticate with and you must enter in the Secret Key that is 
used by the Server. 


Setting the 
Hello Period 


| File Edit View 


yy Access Point Configuration - Microsoft Internet Explorer 


Favorites Tools Help Ee 


| Back + =» ~ @ [2] fat | ‘GQsearch (JFavorites ¢4History | By =) 
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You can set the following types of Hello periods: 


Ethernet Hello Period, which describes how often Hellos are sent 
on the Ethernet. 


OY IP Tunnel Hello Period, which describes how often Hellos are sent 
through the tunnel. 


LY Radio Hello Period, which describes how often Hellos are sent out 
the radio when a wireless hop is formed. 


The following sections explain how to set each type of Hello period. 


To set the Ethernet Hello Period, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet. The Ethernet screen appears. 


| Address [4] http://149.35.50.2/pub/ | @co {Links » 


‘ea Ethernet 
IP Tunnels 


Passwords 


MV Allied Telesyn Access Point Confi 


Simply connecting the world 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 


AP Configuration 
TCP/IP Settings 
IEEE 802.11B Radio 
Spanning Tree Settings 


Ethernet Filters 


Network Management 


Maintenance 


guration 


Ethernet’ 


Submit Changes 


Port Control [Enabled 7] 
Hello Period [2 Seconds >| 
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Figure 10 Ethernet Screen 
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3. Click the Hello Period down arrow, and choose a hello period. When 
you are finished, click Submit Changes to save your changes. 


To configure the IP Tunnel Hello period, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels. The IP Tunnels screen appears. 


4 Access Point Configuration - Microsoft Internet Explorer -/0) x| 
| File Edit ‘Yiew Favorites Tools Help Ki 
| <Back ~ => ~ & [2] @ | Gsearch (yFavorites C4ristory | 4 
| Address é) http://149,35.50.2/pub} 7] Go {Links ca 


~ Allied Telesyn 


Simply connecting the world 


Access Point Configuration 


grade (HTTP) | Upgré ‘ 
IP Tunnels’ Help 


Submit Changes 


AP Configuration 
[Z)TCPAP Settings 


ESIEEE 802.11B Radio Ue Ree [Enabled >| 
GaSpanning Tree Settings see [Originate If Root +] 
EgEthernet IGMP [Disabled >| 
‘aa PP Tunnels Hello Period [2 Seconds >| 
[E\)IP Addresses 
€gTunnel Filters 
EaNetwork Management 
EaPasswords 
EsMaintenance 
\@] Done || | Internet Vi 


Figure 11 IP Tunnels Screen 


3. Click the Hello Period down arrow, and choose a hello period. When 
you are finished, click Submit Changes to save your changes. 
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To configure the 802.11b HR radio Hello period, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 


32. 
2. Click IEEE 802.11b Radio. The IEEE 802.11b Radio screen appears. 
=lo1x) 


[ File Edit ‘View Favorites Tools Help KE 
1 Back + => ~ GD [2] Gb) GAsearch (jFavorites CBuistory | Ey & | 
I 


Address [@] hetp:(/149.95.50.2pubf Go | |Links *| 
~ Allied Telesyn Access Point Configuration 


Simply connecting the @® world 


IEEE 802.11B Radio/ 


Submit Changes 


AP Configuration 


IITCPAP Seine Port Control [Enabled >| 
[=) Wireless Bridging SSID (Network Name} [ATILAN| 
[2) WEP Configuration | Frequency [Channel 03, 2422 MHz ~| 
[2) Advanced Configurat | Data/Voice Settings [Data Trafic only >| 
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Figure 12 IEEE 802.11b Radio Screen 


3. Click Wireless Bridging. The Wireless Bridging screen appears. 
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Figure 13 Wireless Bridging Screen 


4. Click the Hello Period down arrow, and choose a hello period. When 
you are finished, click Submit Changes to save your changes. 


This section explains how to enable and disable port control for the 
Ethernet network and for IP Tunnels. For information about configuring 
port control fora specific radio, see Chapter 4, Configuring the Radios 
on page 57. 


To configure port control, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet or IP Tunnels from the Configuration screen menu. The 
appropriate screen appears. 


3. Click the Port Control down arrow and choose Enabled or Disabled. 
When you are finished, click Submit Changes to save your changes. 


Setting ARP 
Minutes 


Configuring the 
LAN ID 
(Domain) 
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The UAP periodically sends an unsolicited ARP request so that routers 
can update their routing tables. The request enables a network 
management platform to learn about the UAP on the network by 
querying routers. The auto ARP period controls the time interval 
between ARP broadcasts. 


To set ARP minutes, do the following: 


uf 


Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


Click TCP/IP Settings. The TCP/IP Settings screen appears. 


Type a time period in the Auto ARP Minutes field. The range is from 1 
to 120 minutes. Set the time period to 0 to disable this parameter. 


If the address of the default router is 0.0.0.0, the UAP sends an ARP 
request to its own IP address; otherwise, it sends an ARP request 
to the default router. Without this option, aUAP might not use its 
IP address for extended periods of time, and the IP address would 
expire from the router ARP table. If the IP address expires, the 
network management program must ping all potential addresses 
on asubnet to locate active IP addresses or require the user to 
enter a list. You should not allow the IP address for the UAP to 
expire. 


All UAPs must have the same LAN ID or domain to participate in the 
same spanning tree. Additionally, all non-802.11b HR devicesina 
network must have the same LAN ID to be able to communicate. 


Note 

If you assign a LAN ID greater than 15 for the 802.11b radio, the 
value the UAP uses is the remainder after subtracting the LAN ID by 
a multiple of 16. The domain is 5, for example, if the LAN ID is 5, 21, 
or 37. 


To configure the LAN ID (Domain), do the following: 


1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
Sz: 

Click Spanning Tree Settings. The Spanning Tree Settings screen 
appears. 

Enter the LAN ID (Domain) in the LAN ID (Domain) field. The LAN ID 


(Domain) can be from 0 to 254. When you are finished, click Submit 
Changes to save your changes. 
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Setting Root = The root priority determines whether a particular UAP is a candidate to 


Priority become the root of the spanning tree. The UAP with the highest root 
priority becomes the root of the network spanning tree whenever the 
UAP is powered on and active. The Ethernet segment that has the root 
attached to it is the primary LAN. The root UAP maintains the network 
spanning tree and can distribute global parameters network-wide. 


To set root priority, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 


Be: 
2. Click Spanning Tree Settings. The Spanning Tree Settings screen 
appears. 
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Figure 14 Spanning Tree Settings Screen 


3. Typearoot priority in the Root Priority field. The root priority can bea 
value from 0 to 7, but UAPs with a root priority of 0 cannot become 
the root. When you are finished, click Submit Changes to save your 
changes. 


Configuring the 
AP Name 


Configuring the 
AT-WL2411 UAP 
as a DHCP 
Server 
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Note 

Always set root priority fora WAP to 0 so that it cannot become the 
root. In addition, if the network contains 6710 access points and AT- 
WL2411 UAPs, be sure to configure a UAP as the root. 


The AP name is a unique name that identifies a given UAP in the 
network. The AP name is also used by the 802.11b master to distinguish 
the radios in a given UAP from other radios in the network. Only the first 
11 characters are used for the 802.11b master name. 


To configure the AP name, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Spanning Tree Settings. The Spanning Tree Settings screen 
appears. 


3. Typean AP namein the AP Name field. The AP name can be from 1 to 
16 characters long. When you are finished, click Submit Changes to 
save your changes. 


The AT-WL2411 UAP contains a simple DHCP server that you can use to 
provide DHCP server functions for small installations where no other 
DHCP server is available. The DHCP server will offer IP addresses to any 
DHCP client it hears as long as a pool of unallocated IP addresses is 
available. These clients may include other UAPs, wireless clients, wired 
hosts on the distribution LAN, or wired hosts on secondary LANS. 


Note 

This DHCP server is not intended to replace a general purpose, 
configurable DHCP server, and it makes no provisions for 
synchronizing DHCP policy between itself and other DHCP servers. 
Customers with complex DHCP policy requirements should use 
other DHCP server software. 


To avoid a single point of failure, the DHCP server may be enabled in 
more than one UAP; however, UAPs do not share DHCP client databases. 
Each DHCP server UAP should be configured with a different DHCP 
address pool from which to allocate client addresses. 


You must configure a UAP acting as a DHCP server with a static IP 


address. You cannot configure the UAP as both a DHCP server and a 
DHCP client. 
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To configure the AT-WL2411 UAP asa DHCP server, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Enteran IP address and a subnet mask for the UAP. 
a. Click TCP/IP Settings. 


b. Enterastatic IP address in the IP Address field, and enter asubnet 
mask in the IP Subnet Mask field. When you are finished, click 
Submit Changes to save your changes. 


3. Enable the server. 


QO) Inthe TCP/IP Settings screen, click the DHCP Mode down arrow 
and choose This AP isa DHCP Server. When you are finished, click 
Submit Changes to save your changes. 

4. Configure the DHCP server. 


a. Click DHCP Server Setup. The DHCP Server Setup screen appears. 
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Figure 15 DHCP Server Setup Screen 


b. 
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Configure the DHCP server. When you are finished, click Submit 
Changes to save your changes. 


The following table explains each parameter. 


Parameter 


Explanation 


Low Address 


Specifies the low IP address in the range of IP addresses 
available to the DHCP server for distribution to DHCP clients. If 
these addresses are not on the same subnet as the UAP, the UAP 
will perform Network Address Translation (NAT) for the devices 
to which it grants IP addresses. 


High Address 


Specifies the high IP address in the range of IP addresses 
available to the DHCP server for distribution to DHCP clients. If 
these addresses are not on the same subnet as the UAP, the UAP 
will perform Network Address Translation (NAT) for the devices 
to which it grants IP addresses. 


DNS Address 1_ | Specifies the IP address of a Domain Name Server that will be 
distributed to DHCP clients. You can enter up to two DNS 
addresses to be delivered to DHCP clients. 

DNS Address 2 | Specifies the IP address of a Domain Name Server that will be 
distributed to DHCP clients. You can enter up to two DNS 
addresses to be delivered to DHCP clients. 

IP Subnet Mask |Indicates how many host bits of the IP address represent a 
subnet number. Use IP subnets to partition traffic and to 
connect routers. The IP subnet mask must represent contiguous 
Ones (1) from the left and contiguous zeros (0) from the right. 

IP Router Specifies what IP router DHCP will be offering to clients. If NAT 

(Gateway) has been automatically enabled, the UAP will use the lowest 
DHCP address to provide an IP router that performs NAT. 

NAT (Network | Specifies if DHCP has been properly configured and if the range 

Address has automatically enabled NAT. 

Translation) 

Status When a station uses the UAP as an IP router, the UAP replaces 


the MAC address, IP source address, and TCP/UDP port with its 
own. You can configure the DHCP to indicate that the UAP is the 
IP router when it allocates the address to a station. Special 
consideration is given to changing the FTP data connection TCP 
port number, which is in the body of the TCP frame. After the 
frame source is modified, it is forwarded to the proper subnet. 
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Parameter 


Explanation 


If the destination subnet is not the same subnet as the UAP’s 
Ethernet, the destination MAC address is changed to the IP 
router that has been configured for the access point. If the 
access point belongs to the subnet, the AP converts the MAC 
address to the MAC address that belongs to the destination IP 
address. This may involve the operation of the ARP protocol for 
MAC address discovery. 


When the access point receives a frame with its IP address, it 
identifies the need for address translation by inspecting the 
destination port number. If the port number is within the pool 
reserved for NAT operation, it looks up the original MAC 
address, IP address, and port number. The frame is then 
modified and forwarded to the station. 


You can disable or enable NAT operation. You must configure 
the access point with two IP addresses; the normal address 
already has a configuration method. The access point must also 
have an address on the subnet for which it is acting as a NAT 
gateway. This second address only supports ARP translation for 
stations configured for NAT. It cannot access any AP menus. 


NAT operation is disabled or enabled automatically depending 
on the continuous range of addresses you enter into the DHCP 
Server. NAT is disabled if the range of addresses to be given to 
DHCP Clients is on the same subnet as the access point. If the 
range of addresses to be given out by the DHCP server is not on 
the same subnet as the access point, you are creating a virtual 
network and the DHCP server will also perform NAT translation. 


Supported DHCP Options 


The DHCP server issues IP address leases to configure the following 
fields and options: 


IP broadcast address This address, along with the subnet mask and 
default router, will contain the same values as configured for the UAP. 


Lease duration The lease duration is always twenty minutes. 


Configuring the 
AT-WL2411 UAP 
as a NAT Server 


Configuring 
Global Flooding 
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Unsupported DHCP Options 


The DHCP server implemented in the AT-WL2411 UAP does not support 
any DHCP options other than those listed. The DHCP server disregards 
any DHCP options that are not explicitly required by the DHCP 
specification. The DHCP server ignores all packets with anon-zero giaddr 
(gateway IP address). The server only responds to requests emanating 
from it’s own subnet. 


You can enable the access point as a NAT server. 
To enable the access point as a NAT server, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Choose the TCP/IP Settings menu and configure the following 
parameters: 


O) subnet mask 


static IP address 


3. Choose This AP is a DHCP Server in the DHCP Mode field. 


4. Click DHCP Server Setup and enter a contiguous range of IP addresses 
that are not on the same subnet as the access point for the DHCP 
address pool. Click Submit Changes when you are finished. 


5. Configure any optional parameters. 
a. Enterup to two DNS addresses to be delivered to DHCP clients. 


Use global flooding to determine how a UAP handles a frame with an 
unknown address. The global flooding settings are sent throughout the 
network from the root UAP. Access points try to forward frames to the 
port with the shortest path to the destination address. When the UAP 
has not learned the direction of the shortest path, you can configure it to 
flood the frames in certain directions to try to locate the destination 
address. 


Global flooding parameters you set will override parameters that you set 
in UAPs acting as designated bridges. 


To configure global flooding, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Spanning Tree Settings. The Spanning Tree Settings screen 
appears. 
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3. Click Global Flooding. The Global Flooding screen appears. 
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Figure 16 Global Flooding Screen 


4. Configure the Global Flooding parameters. When you are finished, 
click Submit Changes to save your changes. 
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The following table explains each parameter. 


Parameter 


Explanation 


Multicast Flood 
Mode 


Determines the flooding structure for multicast 
frames with unknown destination addresses. 


Universal Allows any node to communicate with 
any other node. 


Hierarchical Allows nodes in the wireless network 
to communicate with nodes on the primary LAN but 
not with other wireless devices. 


Disabled Prevents flooding. 


Multicast Determines if outbound multicast frames with 
Outbound to unknown destination addresses are flooded toward 
Terminals wireless stations. 
Enabled Outbound multicast frames with 
unknown destination addresses are flooded toward 
wireless stations. 
Disabled Outbound multicast frames with 
unknown destination addresses are not flooded 
toward wireless stations. 
Multicast Determines whether outbound multicast frames 
Outbound to with unknown destination addresses are flooded 
Secondary LANs | toward secondary LAN segments. 


Enabled Causes the root access point to control 
flooding for all access points serving as designated 
bridges for the secondary LANs. 


Set locally Allows designated bridges on secondary 
LANs to control flooding on their LANs. 


Unicast Flood 
Mode 


Determines the flooding structure for inbound 
unicast frames with unknown destination addresses. 


Universal Allows any node to communicate with 
any other node. 


Hierarchical Allows nodes in the wireless network 
to communicate with nodes on the primary LAN but 
not with other wireless devices. 


Disabled Prevents flooding. 


Configuring You can set configuration parameters in the root UAP that are 
Global RF distributed throughout the network. All UAPs that are root candidates 
Parameters should have the same global RF parameters. 


Note that several of the global RF parameters have a Set Globally 
parameter that you can enable or disable. If you are configuring the root 
UAP and you set a global RF parameter to Enabled, the value for that 
parameter is set globally for all end devices and UAPs in the network. If 
you set the value to Disabled, the root does not distribute the global 
parameters, and each device uses its local or default setting. The Set 
Globally parameter has no effect in UAPs that are not the root. 


To configure global RF parameters, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32: 


2. Click Spanning Tree Settings. The Spanning Tree Settings screen 
appears. 


3. Click Global RF Parameters. The Global RF Parameters screen appears. 
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Figure 17 Global RF Parameters Screen 
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4. Configure the Global RF Parameters. When you are finished, click 
Submit Changes to save your changes. 


The following table explains each parameter. 


Parameter 


Explanation 


RFC1042/DIX 
Conversion 


Determines how the access point will handle the 
conversion of RFC1042/DIX frames that are received 
on its 802.11b HR radio ports. 


Enabled Causes frames received on an 802.11b HR 
port with a protocol type equal to a value in the 
"RFC1042 types to pass through" list to be forwarded 
without conversion. Frames with protocol types not 
found in the list will be converted to DIX format 
before they are forwarded. 


Disabled Causes frames received on a radio port to 
be forwarded without translation from RFC10472 
format to DIX; that is, when a SNAP frame is received 
from an 802.11b HR radio with an OUI 
(Organizationally Unique Identifier) equal to 000000, 
it will be forwarded without conversion. 


S-UHF Rfp 
Threshold 


Determines the largest data packet that can be 
transmitted without reserving air time. Air time is 
normally reserved to help prevent collisions with 
other transmitters; however, when the amount of 
data is small enough, sending the data may be more 
effective than creating the reservation. 


S-UHF Frag Size 


Determines the largest data packet that can be 
transmitted without fragmentation. On certain 
radios, the fragmentation does not occur unless the 
radio detects interference. Larger packet sizes can 
improve throughput on a reliable connection, while 
smaller packet sizes can improve throughput ona 
poor connection. 


900 MHz Frag 
Size 


Determines the largest data packet that can be 
transmitted without fragmentation. On certain 
radios, fragmentation does not occur unless the 
radio detects interference. Larger packet sizes can 
improve throughput on a reliable connection, while 
smaller packet sizes can improve throughput ona 
poor connection. 
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Parameter 


Explanation 


S-UHF/900 MHz 
Awake Time 


Specifies the amount of time that a wireless station 
stays awake when radios are inactive. A sleeping 
station is less responsive to radio activity; however, 
the longer a station is kept fully awake, the larger the 
drain on the battery. You should set a station to stay 
awake long enough to receive an expected reply toa 
transmission and short enough to reduce power 
consumption. The awake time can beset toa 

number from 0 to 250 tenths of a second. This 
parameter applies only to S-UHF and 900 MHz radios. 


RFC1042 Types 
to Pass Through 


Determines values for protocol types that are to be 
passed without conversion. The list includes the 
Apply Talk protocol type, value 80F3. This parameter 
only appears when RFC1042/DIX conversion is 
Enabled. 


Values entered in this parameter represent the 
protocol types of frames that will be passed without 
conversion to DIX format. 


Chapter 4 


Configuring the Radios 


This chapter explains how to configure the 802.11b HR radio in the AT- 
WL2411 access point.. 


Configuring the 802.11b HR Radio 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


57 


58 


2. Click IEEE 802.11b Radio. The IEEE 802.11b Radio screen appears. 
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Figure 18 IEEE 802.11b Radio Screen 


3. Configure the parameters for the radio. When you have finished, click 
Submit Changes to save your changes. 


The following table explains each parameter. 


Parameter Explanation 

Port Control Enables or disables the Ethernet port. 

SSID (Network |The 802.11b HR radio communicates with other 
Name) 802.11b HR radios with the same network name. Use 


this parameter to assign a network name to the UAP, 
and then assign the same network name to the end 
devices that will connect to the UAP. The SSID 
(Network Name) can be no more than 32 
alphanumeric characters. The default SSID (Network 
Name) is ATILAN (case-sensitive). 
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Parameter 


Explanation 


Frequency 


The frequency is the particular frequency within the 
2.4 to 2.5 GHz range that the UAP uses to transmit 
and receive packets. The available frequencies are 
country-dependent and are determined by the radio. 


Configure all UAPs used in Spain, France, or J apan to 
acommon frequency. For all other countries, you can 
configure all UAPs to acommon frequency, or you 
can select up to three frequencies that are at least 
three channels (or 25 MHz) apart. You could select 
2412 MHz, 2437 MHz, and 2462 MHz, for example. 


You may want to use a single frequency to isolate the 
installation to part of the band; for example, use a 
single frequency if other DS systems or multiple 
microwave ovens are in use in the area. 


For optimal performance of UAPs that are within 
range of each other, you should configure their 
frequencies to be five channels apart. You could 
configure the UAPs to use channels 1, 6, and 11, for 
example. 


Data/Voice 
Settings 


Set to Data Traffic Only if the UAP will transmit only 
data traffic. 


Set to Data and Voice Traffic if the UAP will transmit 
both data and voice traffic. 


Set to Voice Traffic Only if the UAP will transmit only 
voice traffic. 


WEP Encryption 


Use this option to enable or disable WEP Encryption. 
This option appears on your menu only if your 
802.11b HR radio supports WEP data encryption for 
wireless communication. 
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Worldwide Channel FCC ETSI France Japan Israel 
Frequencies for 


the 802.11b HR 1 2412 2412 2412 

Radio 2 2417 2417 2417 
3 2422 2422 2422 2422 

(default) 

4 2427 2427 2427 

5 2432 2432 2432 

6 2437 2437 2437 

7 2442 2442 2442 

8 2447 2447 2447 

9 2452 2452 2452 

10 2457 2457 2457 2457 

11 2462 2462 2462 2462 

(default) 

12 2467 2467 2467 

13 2472 2472 2472 

14 2484 


FCC countries include the United States, Canada, China, Taiwan, India, 
Thailand, Indonesia, Malaysia, Hong Kong, and most South American 
countries. 


ETSI countries include all European Union countries except France. It 
also includes Switzerland, Iceland, Norway, Czech Republic, Slovenia, 
Slovakia, Turkey, Russia, and the United Arab Emirates. 

Mexico and Singapore use the same channels as France. 


The 802.11b channels that are allowed in a given country may change 
without notice. Be sure you use only those frequencies that are 
permissible in the given country. 
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Configuring 
Voice Over IP 


AT-WL2411 Wireless Access Point Installation Guide 


You can specify what type of traffic can be delivered to your 802.11b HR 
port. You can use a single 802.11b HR radio to support both voice and 
data communications over the same radio. 


To configure Voice over IP, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Configure the following parameters on your 802.11b HR radio: 


O Multicast rate to 1 Mbits/Sec if you are using a1 Mbit/sec 
telephone 


UO Multicast rate to 2 Mbits/Sec if you are using a2 Mbit/sec 
telephone 


O Transmit Rate Fallback to Enabled 


3. Click IEEE 802.11b Radio. The IEEE 802.11b Radio screen appears. 


4. Clickthe Data/Voice Settings down arrow and choose asetting. When 
you are finished, click Submit Changes to save your changes. 


Data Traffic only Specifies that the port will be used for data 
traffic only. No special filtering. 


Data and Voice Traffic Specifies that the port will be used for 
both data and voice traffic. All MobileLAN(tm)voice 2 handset 
packets are sent in the high priority queue. Packets in the high 
priority queue are sent ahead of packets in the normal priority 
queue. No special filtering. 


Voice Trafficonly Specifies that the port will be used for voice 
traffic only. All MobileLAN(tm)voice 2 handset IP packets are sent 
with a priority setting. All other multicast/broadcast packets will 
be dropped. 


Note 

To specify which terminals/telephones attach to which radio in a 
dual access point, you should use adifferent Network Name for each 
radio. You also must enter the Network Name on each telephone. 
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Configuring 


You can configure other parameters for the 802.11b HR radio, such as 


Advanced _ Data Rate, Medium Reservation, and Microwave Oven Robustness. Click 
802.11b HR Advanced Configuration to configure these and other parameters. 
Radio {o configure advanced parameters, do the following: 
Parameters 
1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 
2. Click Advanced Configuration in the IEEE 802.11b Radio menu. The 
Advanced Configuration screen appears. 
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Figure 19 Advanced Configuration Screen 


3. Configure the advanced parameters. When you are finished, click 
Submit Changes to save your changes. 
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Use the following table to configure advanced parameters. 


Parameter 


Description 


Data Rate 


Use Data Rate to choose the rate at which the UAP 
transmits data. 


Data Rate 
Fallback 


Disable this parameter to prevent the radio from 
dropping to a slower transmission bit rate when it 
has trouble communicating with another station. 
This parameter also limits your range to the Data 
Rate selected above. 


Basic Rate 


Use this parameter to choose the UAP'’s basic and 
multicast transmission rate. Under most 
circumstances this parameter should be left at the 
default 2 Mbit setting. 


Medium 
Reservation 


Use this parameter to enable or disable a reservation 
threshold. 


Enabled Allows you to set a threshold value using 
the Reservation Threshold parameter. 


Disabled May improve network response time in 
installations that primarily send very small frames or 
that have no hidden stations. 


Distance 
Between APs 


Use this parameter to control the roaming sensitivity 
of your end devices. The setting on your UAP should 
match the setting on your end devices. 


You can use this parameter to virtually reduce the 
range of your UAP. Using the Small or Medium 
setting does not reduce the absolute range of your 
radio, but it does modify the collision detection 
mechanism to allow significant overlap of the 
wireless cells. Although setting this parameter to 
Small or Medium creates a higher performance radio 
network, more UAPs are needed to cover a given 
area. 


Microwave Oven 
Robustness 


Enable this parameter to activate a modified 
algorithm for automatic rate fallback, which prevents 
the UAP from falling back to 1 Mbits when trying to 
retransmit radio packets when 2.4 GHz interference 
is present. 


64 


Parameter 


Description 


Network Name 
Security 


Use this parameter to determine if terminals with an 
SSID (Network Name) setting of ANY or NULL will 
associate with any access point. 


802.11 Compliant Allows terminals with an SSID 
setting of ANY or NULL to associate with the access 
point. This setting is 802.11b HR compliant. 


Network Name’ANY’ Not Allowed Prevents 
terminals with an SSID setting of ANY or NULL from 
associating with the access point. This setting is not 
802.11b HR compliant. 


DTIM Period 


Use this parameter to specify the number of beacon 
frames to skip before including a DTIM (delivery 
traffic indication message) in a beacon frame. A 
higher DTIM period may conserve battery life in an 
end device but may increase response time. You can 
set the DTIM period to a value from 1 to 65535. 
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Configuring WEP 


Click WEP Configuration under the IEEE 802.11b Radio menu to set WEP 
configuration parameters. This option appears only if your 802.11b HR 
radio supports WEP encryption and you enabled WEP Encryption. 


To set WEP configuration parameters, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


Choose IEEE 802.11b Radio and enable WEP Encryption. 


3. Click WEP Configuration in the IEEE 802.11b Radio menu. The WEP 
Configuration screen appears. 
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Figure 20 WEP Configuration Screen 
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4. Setthe parameters for WEP configuration. When you are finished, 
click Submit Changes to save your changes. 


The following table explains each parameter. 


Parameter Explanation 

WEP Receive Use this parameter to determine if the UAP will 

Data receive transmissions from end devices that are not 
using WEP. 
Unencryption Allowed Allowstransmissions from 
end devices that are not using WEP. 
Encryption Required Prevents transmissions from 
end devices that are not using WEP. 

WEP Transmit | Use this parameter to determine which of the four 

Key default WEP keys this UAP uses to transmit data. The 
default is 1, which means that the UAP uses WEP key 
1 to transmit data. 

WEP Key 1 Your own WEP code. 

WEP Key 2 Your own WEP code. 

WEP Key 3 Your own WEP code. 

WEP Key 4 Your own WEP code. 


To ensure maximum security, you should configure each WEP key 
with a different WEP code. 


Note 


When entering a WEP key value, be sure to precede the value with 
‘Ox’ to signify that the value is in hexadecimal. Without ‘Ox”, the 
value is assumed to be ASCII characters. 
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Ahop occurs when data from an end device moves from one access 
point to another via the radio ports. At least two access points must be 
configured for wireless hops: one as a master and the other as a station. 
Station access points attach to master access points. Wireless hops must 
be enabled on the master access point for IAPP Hello packets to be 
transmitted via the master’s radio port. This setting allows the wireless 
access points to attach to the IAPP spanning tree in the same way that a 
wired access point does. 


You can enable or disable wireless hops on any master UAP. If you 
enable wireless hops, the UAP honors connections from UAPs that are 
configured as stations. 


The LAN ID and Network Name must match those of the master access 
point; in addition, the station and master must be on the same IP subnet. 


You must enable wireless hops on the master UAP for 


UO point-to-point bridging. 


LY amaster access point that will communicate with a WAP. 
To form a wireless hops (Ethernet access point), do the following: 


1. Establish a Web browser session on the wired access point if you have 
not already done so. For more information, see Establishing a Web 
Browser Session on page 32. 


2. Click the menu corresponding to the radio you are configuring (i.e., 
IEEE 802.11b Radio). 


3. Click Wireless Bridging. 

4. Click the Node Type down arrow and choose master. 

5. Click the Wireless Hops down arrow and choose Enabled. Click 
Submit Changes before leaving the Wireless Bridging screen. 

To form a wireless hops (Wireless access point), do the following: 


1. Establish a Web browser session on the wireless access point if you 
have not already done so. For more information, see Establishing a 
Web Browser Session on page 32. 


2. Click the menu corresponding to the radio you are configuring (i.e., 
IEEE 802.11b Radio). 


3. Click Wireless Bridging. 


4. Click the Node Type down arrow and choose station. Click Submit 
Changes before leaving the Wireless Bridging screen. 
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Configuration Example: Single Radio on Remote LAN Segment 


Following is an example of how you might configure a wireless hop 
using a single radio on the remote LAN segment. The advantages and 
disadvantages of using this configuration are listed below. 


Advantages Disadvantages 


Does not require WEP keys. Wireless clients are not supported on the 


wireless access point because the 
wireless access point is configured with 
only one station radio. 


Designed to support wired 
terminals on the secondary 
LAN segment. 


To configure wireless hops using a single radio on the remote LAN 
segment, do the following: 


1. Set up the access point on the remote LAN segment. 


a. 


b. 


Be sure the radio in the primary LAN segment is configured asa 
Master. 


Enable wireless hops on the master access point (see Configuring 
Wireless Hops on page 67). 


Be sure the SSID (Network Name) of the master radio on the root 
LAN segment matches the SSID (Network Name) of the station 
radio in the secondary LAN segment. 


2. Setup the wireless access point on the secondary LAN segment. 


a. 
b. 


Be sure the radio is configured as a Station. 
Set the Root Priority to zero (see Setting Root Priority on page 46 
). 


Set the secondary LAN bridge priority to a value other than zero 
(see Configuring Secondary LAN Bridge Priority on page 24). 
Setting this parameter to 1 will satisfy most standard 
configurations. 


Enable secondary LAN flooding. 


Be sure the SSID (Network Name) of the master radio of the root 
LAN segment matches the SSID (Network Name) of the station 
radio of the secondary LAN segment. 
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Configuring Use the node type parameter to configure a radio as a Master or Station. 
Node Type You can configure node type only when wireless hops is enabled. 


To configure node type, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IEEE 802.11b Radio. The IEEE 802.11b Radio screen appears. 


“Access Point Configuration - Microsoft Internet Explorer ; -|O) x} 
| File Edit View Favorites Tools Help EJ 
| Back + => ~ @ (2) a | Qsearch (Favorites 4History Ay & & 


[Address [@) hetp:#/149.25.50.2jpubjwelomehtm SSS | is) 
~ Allied Telesyn Access Point Configuration 


Simply connecting the (P) world 


Submit Changes 
AP Configuration 


TCP/IP Setting: 
: : Port Control [Enabled ’ 


‘ea IEEE 802.11B Radio 
= ; SSID (Network Name) JATILAN 


(2) Wireless Bridging 
[2] WEP Configuratic Frequency [Channel 03, 2422 MHz >| 


[Advanced Confin Data/Voice Settings [Data Traffic only x] 
GaSpanning Tree Setting: WEP Encryption [Enabled = 

GiEthernet 

EMP Tunnels 
GaNetwork Managemen 
GaPasswords 
GaMaintenance 


\é] (1 item remaining) Downloading picture http://149.35.50.2/pub/bkgrnd. gif... | \® Internet 


Figure 21 IEEE 802.11b Radio Screen 
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3. Click Wireless Bridging. The Wireless Bridging screen appears. 


4 Access Point Configuration - Microsoft Internet Explorer : - (0) x} 
| File Edit View Favorites Tools Help | | 


|| Back + => » [2] Gb) QSearch (yFavorites BHistoy | 4x  Q | 
| Address |4] http://1 49.36, 50.15/pub/welcome.htm | Go || | Links ” 


y Allied Telesyn 


Simply connecting the (P) world 


Access Point Configuration 


Submit Changes 
AP Configuration 
[E|TCP/P Settings 
a 802.11B Radi Nodes Type Master ¥ 
Wireless Hops Disabled ¥ 
wireless Dridging Fa] 
[Z) Advanced Co Hello Period 2 Seconds | 
GASpanning Tree Settin; 
GiEthernet 
GIP Tunnels 


GaNetwork Manageme: 
GaPasswords 
GiMaintenance 


| | | Internet 


Figure 22 IEEE 802.11b Wireless Bridging Screen 


4. Change node type to "station." When you are finished, click Submit 
Changes to save your changes. 


Configuring To use IEEE 802.11b radios for wireless bridging, you must configure one 
IEEE 802.11b UAPasamaster and the second as a station. 


UAPs for For wireless bridging, both IEEE 802.11b radios must have the same 
Bridging 

OY LAN ID (Domain). 

QO Security ID. 

QO Channel. 


To configure the UAPs to bridge between Ethernet LANs, do the 
following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 
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2. Configure the LAN ID (Domain). For more information, see 
Configuring the LAN ID (Domain) on page 45. 


3. Configure the Security ID, Channel, and Subchannel. For more 
information see Configuring the 802.11b HR Radio on page 57. 


The following table is an example of how to configure IEEE 802.11b UAPs 
fora point-to-point or wireless bridge. 


Parameter LAN | Secondard LAN 
LAN ID (Domain) 1 il 

Root Priority 5 0 

Secondary LAN Bridge Priority 0 5 

Secondary LAN Flooding Disabled Enabled 

Node Type Master Station 

Channel if 1 (in Master List) 
Wireless Hops Enabled (does not apply) 


Note 


Be sure the root priority of the IEEE 802.11b master is greater than 
the root priority of the IEEE 802.11b station. The devices will not 


form the desired wireless bridge if the master has a lower root 
priority than the station. 


You may need to adjust the global flooding parameters for wireless 
bridging. Follow these recommendations when configuring the global 
flooding parameters for a point-to-point bridge: 


U 


U 


U 


If all gateways and servers are on the primary LAN, set the 
Multicast Flood Mode to Hierarchical. 


If end devices must communicate with gateways or servers on a 
secondary LAN, set Multicast Flood Mode to Universal. 


If end deviceson a secondary LAN communicate with end devices 
on another secondary LAN, set Multicast Flood Mode to Universal. 


For more information about global flooding, see Configuring Global 
Flooding on page 51. 
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Chapter 5 
Configuring Filters and IP 
Tunnels 


This chapter explains how to configure filters and tunnels. 


Configuring Ethernet Filters 


You can set both Ethernet and IP tunnel filters, and you can create 
protocol filters for both predefined and user-defined protocol types. In 
addition, you can define arbitrary frame filters based on frame content. 


For help configuring IP filters, see Configuring IP Tunnel Filters on 
page 87. 


Configuring the Use the Ethernet address table to enter the MAC address of a station 
Ethernet attached to this UAP’s Ethernet. The address is entered as 6 hex pairs 
separated by spaces, colons, orhyphens. The default address is 
Address Table 5:09:00:00:00:00. 


To configure the Ethernet address table, do the following: 
1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet Filters from the Ethernet menu. 
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3. Click Address Table. The Address Table screen appears. 


4 Access Point Configuration - Microsoft Internet Explorer _-|5) x] 
| File Edit View Favorites Tools Help Ea 
| eBack y > ~ @ [2) | Asearch (yFavorites CBristory | 4 SH 

Address |@] hetp://149.35.50.2/pubjweomehtm —ss—~—sSsSsSsSSS Go | Links 


~ Allied Telesyn 


Simply connecting the @® world 


Access Point Configuration 


AP Configuration 
EE}TCP/P Settings 
GQIEEE 802.11B Radio 
EaSpanning Tree Settings 
‘a Ethernet 
‘ag Ethernet Filters 
[E) Address Table 
[E)Frame Type Filters 
[E)Predefined Subtype Filters 
[2] Customizable Subtype Filters 
GAAdvanced Filters 
Ea Tunnels 
GaNetwork Management 
EaPasswords 
GaMaintenance 


Using Frame 
Type Filters 


|@ Internet 


Figure 23 Address Table Screen 


4, Enterup to 20 MAC addresses. When you are finished, click Submit 
Changes to save your changes. 


You can establish filters for common networking protocols such as IP, 
Novell IPX, and 802.2 LLC. You can also set filters to pass only those 
Ethernet frame types found on your network. 


You can set the default action for general and specific frame types. For 
example, you can set the DIX-Other EtherTypes frame parameter to 
drop, and then use the subtype menus to pass only those specific DIX 
types that are used in your radio network. 


You can also set the scope for general and specific frame types. For 
example, you can set the action to Drop and the scope to All for DIX-IP- 
TCP Ports, and then all IP packets with the TCP protocol type will be 
dropped even if specific TCP parts are set to pass in the subtype menus. 


Action Set the action so the UAP will either Pass or drop all frames of a 
specified type. 
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Scope Can beset to Unlisted or All. If you select All, then all frames of 
that type are unconditionally passed or dropped, depending on the 
action specified. If you select Unlisted, frames of that type are passed or 
dropped only if the frame type is not listed in the predefined or 
customizable tables. 


To set frame type filters, do the following: 
1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet, and then click Ethernet Filters. The Ethernet screen 
appears. 


3. Click Frame Type Filters. The Ethernet Frame Type Filters screen 
appears. 


“4 Access Point Configuration - Microsoft Internet Explorer - (Oj x} 
| File Edit Yiew Favorites Tools Help | | 
| Back ~ => ~ & [2] Z| GSearch feyFavortes CHHistoy | 4x  B 


| Address [4] http: //149.35.50.15/pub/welcome.htm +] @Go || Links » 
MV Allied Telesyn 


Simply connecting the @® world 


Access Point Configuration 


Logout | Save,Discard Changes | Software Upgrade (HTTP) 
Ethernet /Ethernet Filters /Frame Type Filters / 


Upgrade Other Access Points | Software Upgrade (TFTP) 


Submit Changes 


AP Configuratio 
[2)TCPAP Settings 


GalEEE 802.11B Ra | Action Scope 
GaSpanning Tree Set DIX-IP-TCP Ports [Pass >| [Unlisted >] 
bed crille Filter DIX-IP-UDP Ports [Pass ~| [Unlisted x] 
) Address T; DIX-IP-Other Protocols [Pass >] [Unlisted >| 
Dea DIX-IPX Sockets [Pass | [Unlisted | 
[=] Customizat DIX-Other EtherTypes [Pass ¥] [Unlisted >] 
nes eee SNAP-IP-TCP Ports [Pass ¥] | Unlisted >] 
GaNetwork Managet SNAP-IP-UDP Ports [Pass ¥] [Unlisted >] 
re SWAP_TP_Mthar Pratarale [Pace wlll Inlictad +! z| 
€) in| ® Intemet WV 


Figure 24 Ethernet Frame Type Filters Screen 


4, Set the action and scope for any particular frames. When you are 
finished, click Submit Changes to save your changes. 
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The following table explains various frame types. 


Frame Type 


Explanation 


DIX IP TCP Ports 
DIX IP UDP Ports 
SNAP IP TCP Ports 
SNAP IP UDP Ports 


Primary Internet Protocol Suite (IP) transport 
protocols. 


DIX IP Other 
Protocols 
SNAP IP Other 
Protocols 


IP protocols other than TCP or User Datagram 
Protocol (UDP). 


DIX IPX Sockets 


Novell NetWare protocol over Ethernet II frames. 


SNAP IPX Sockets 


Novell NetWare protocol over 802.2 SNAP frames. 


802.3 IPX Sockets 


Novell NetWare protocol over 802.3 RAW frames. 


DIX Other Ethernet 
Types 

SNAP Other 
Ethernet Types 


DIX or SNAP registered protocols other than IP or 
IPX. 


802.2 IPX Sockets 


Novell running over 802.2 Logical Link Control 
(LLC). 


802.2 Other SAPs 


802.2 SAPs other than IPX or SNAP. 


Note 


You cannot filter HTTP, Telnet, SNMP, and ICMP protocol ports 
because they are used for configuration and management of the 
UAP. Additionally, you cannot filter broadcast ARP request frames if 
the target IP address belongs to the local UAP or to a UAP in the 
subtree rooted at the local UAP. 


Using Predefined Subtype Filters 


You can set filters on certain frame subtypes by setting the action, 
subtype, and Value of the filter. 


Action You can set the action to either Pass or drop all frames of that 


type. 


Subtype This read-only field displays the frame subtype. 


Value This read-only field provides information about the subtype 


value. 
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To set predefined subtype filters, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet, and then click Ethernet Filters. The Ethernet screen 
appears. 


3. Click Predefined Subtype Filters. The Ethernet Predefined Subtype 
Filters screen appears. 


zioix 
| File Edit View Favorites Tools Help Ea 
| sack » > ~ @ [2] | Asearch (yFavorites Bristory | Eh SH 

Address |@] hetp://149.35.50.2/pubjweomehim —s—s—~—SsSsSsSSY Go | Links 


MV Allied Telesyn 


Simply connecting the @® world 


Access Point Configuration 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
Ethernet/Ethernet Filters/Predefined Subtype Filters/ 


Submit Changes 


AP Configuration 


[E)TCPAP Settings 
GQIEEE 802.11B Radio | Action SubType Value 


GlSpanning Tree Settings DIX-ARP [Pass +] DIX-EtherType 08 06 


rere Fiters SNAP-ARP [Pass >] |SNAP-EtherType [08 06 
lAddress Table '802.2-IPX-RIP [Pass ~] |802.2-IPX-Socket |04 53 
ee ries 802.2-IPX-SAP [Pass | |802.2-IPX-Socket |04 52 
ElCustomizable Subtype Filters NNL  |[Pass »] DIX-EtherType |87 5b 

a hae NETBIOS [Pass ~] |802.2-SAP £0 £0 

GaNetwork Management ICMP Pass +] DDX-IP-Protocol (0001 

EaPasswords 

EsMaintenance 


| | [gp Internet 


Figure 25 Ethernet Predefined Subtype Filters Screen 


4, Set the action for any filters you want to change. When you are 
finished, click Submit Changes to save your changes. 


Using Customizable Subtype Filters 


You can define the action, subtype, and Value parameters in customized 
filters. 


Action You can set the action to either Pass or drop all frames of that 
type. 


Subtype Selects the frame subtype you wish to filter. 
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Value Refer to the following table for the value for a specific subtype. 
The value must be two hex pairs. You must enter port values as decimals; 
for example enter "23." for port 23. The UAP displays the hexadecimal 
equivalent in the value field on the menu. When a match is found 
between frame subtype and value, the specified action is taken. 


The following table describes frame subtypes and their values. 


Subtype Value 
DIX-IP-TCP-Port Port value in hexadecimal. 
DIX-IP-UDP-Port Port value in hexadecimal. 


DIX-IP-Protocol Protocol number in hexadecimal. 
DIX-IPX-Socket Socket value in hexadecimal. 
DIX-EtherType Specify the registered DIX type in hexadecimal. 


SNAP-IP-TCP-Port | Port value in hexadecimal. 
SNAP-IP-UDP-Port | Port value in hexadecimal. 
SNAP-IP-Protocol Port value in hexadecimal. 
SNAP-IPX-Socket Socket value in hexadecimal. 


SNAP-EtherType SNAP type in hexadecimal. To filter on both SNAP 
type and OUI, use advanced filters. 


802.3-IPX-Socket Socket value in hexadecimal. 


802.2-IPX-Socket Socket value in hexadecimal. 
802.2-SAP 802.2 SAP in hexadecimal. 


To set customized subtype filters, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet, and then click Ethernet Filters. The Ethernet screen 
appears. 
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3. Click Customizable Subtype Filters. The Ethernet Customizable 
Subtype Filters screen appears. 


| Access Point Configuration - Microsoft Internet Explorer ; - (Oj x] 
| File Edit View Favorites Tools Help Ea 
| Back ~ => ~ & [2] @| QSearch (qFavorites —Bristoy | E4~ & Q 


| Address [@] http://149.35.50.15/pub/welcome. htm +] @Go || Links » 
MVE Allizd Telesyn Access Point Configuration 


Simply connecting the @® world 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 


Ethernet /Ethernet Filters /Customizable Subtype Filters / 


Submit Changes 


AP Configuratio 
[2)TCPAP Settings 


GHIEEE 802.11B Ra | Action SubType Value 
prs gaat ing Tree Set 1 [Pass ¥][DXAP-TCP-Pon =] fooo0 
‘ ernet 
@ Ethernet Fitter 2 [Pass =] [DMIP-TCPPot | foo 00 
E) Address T; 13 [Pass »][DDIP-TCP-Porn >] [00 00 
[=)Frame Typ 
[E]Predefined 4 [Pass =] [DMIP-TCPPot | foo 00 
EE) Customizat 5 [Pass »| [DXIP-TCP-Port | 00 00 
GRAdvanced I ; 
GaP Tunnels 6 | Pass | [DIXMHIP-TCP-Port | 00 00 
GaNetwork Manager + | [DDCPTOPPon | 
a 7 [Pass =] [DXAP-TCP-Port 00 00 . 


Figure 26 Ethernet Customizable Subtype Filters Screen 


4. Configure each parameter to the desired values. When you are 
finished, click Submit Changes to save your changes. 


Configuring You can use advanced filters if you need more flexibility in your filtering. 
Advanced Settings for advanced filters execute after those for other filters; that is, 
Filters advanced filters are only applied if the frame has passed the other filters. 
If earlier filters dropped the frame, the advanced filter will not be 
applied. 


You can use filter values and filter expressions to minimize network 
traffic over the RF links; however, you should only use advanced 
Ethernet filters if you have an extensive understanding of network 
frames and their contents. You should use other existing filters 
whenever possible. 
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Setting Filter Values 


You can associate an ID with a pattern value by selecting a filter and then 
entering an ID and a value. All values with the same value ID belong to 
the same list. 


To set the value ID and value, do the following: 
1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet, and then click Ethernet Filters. The Ethernet screen 
appears. 


3. Click Advanced Filters, and then click Filter Values. The Filter Values 
screen appears. 


3 Access Point Configuration - Microsoft Internet Explorer - (Oj x] 
| File Edit View Favorites Tools Help Ea 
| S Back ~ => ~ @& 2) GY) QSeach yFavorites CBHistoy | E4~  Q 


| Address (é) http://149.35.50.15/pub/welcame. htm >| @Go | Links >? 
MV Allied Telesyn 


Simply connecting the world 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 


Ethernet Ethernet Filters /Advanced Filters /Filter Values / 


Access Point Configuration 


Submit Changes 


AP Configuratio 
[E)TCP/DP Settings 


GSIEEE 802.11B Ra 
EaSpanning Tree Set 1 { 
‘Sa Ethernet 
‘aa Ethernet Filter 2 |fo 
[Z) Address T; 3 oc 0Ot~—™ TtwtCisSCY 
[2)Frame Typ 
[2)Predefined 4 fo 
[2] Customizat 5 co )—t—‘C~™S [tsti‘CCisSY 
‘el Advanced 
=) Filter V 6 fo 
: (=) Filter El 7 Cc 0t~—=™ [tti‘i‘CSOOCCSOY a 
\é] Done rt) Internet a 


Figure 27 Filter Values Screen 


4. Enterup to 22 value IDs and values. When you are finished, click 
Submit Changes to save your changes. 
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Setting Filter Expressions 


You can set filter expressions by specifying parameters for packet filters. 
You can also create a filter expression, which is executed in ascending 
order based on the ExprSeq values until the UAP determines whether to 
pass or drop the frame. 


To set filter expressions, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Ethernet, and then click Ethernet Filters. The Ethernet Filters 
screen appears. 


3. Click Advanced Filters, and then click Filter Expressions. The Filter 
Expressions screen appears. 


3 Access Point Configuration - Microsoft Internet Explorer 


| File Edit Yiew Favorites Tools Help 
| Back ~ => ~ & (2) | Asearch Gejravorites CBristory | Eh~ 

| Address je) http://149,35.50.2/pub/welcame.htm y| @6o {Links >» 
MV Allizd Telesyn 


Simply connecting the @® world 


Access Point Configuration 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
Ethernet/Ethernet Filters/Advanced Filters/Filter Expressions/ 


AP Configuratior 


[E)TCPAP Settings — : = = : 
E@IEEE 802.11B Rac Mask | Op | ValueID | Action 


Capa Tee Set “feu _>w 
‘aa Ethernet Filters [Ea >| 0 And >| 
[E) Address Ta [  feox| = fr [and 1g 
)Erame Type } = a 
[E] Predefined ; fea =] fo And >| 
E)Customizab |: ——= 
aa Advanced F F il a 
)Filter Ve [Eo x] 10 And =] 
ae es "| ee 
En = || ye — || | oe 
E » 


4 
\é] Done Ww, 


al alul ea} w]e] | 


Figure 28 Filter Expressions Screen 


4. Configure the Filter Expressions parameters. When you are finished, 
click Submit Changes to save your changes. 


AT-WL2411 Wireless Access Point Installation Guide 


The next table explains each parameter. 


Parameter Explanation 


ExprSeq You can use the Expression Sequence parameter to 
chain expressions together for filtering. The ExprSeq 
parameter works with the Action parameter; for 
example, if action is set to And, then the next 
sequence in another expression is processed. After 
you change the parameter, the statements are 
physically reordered and renumbered so the 
Expression Sequence order is maintained. The range 
is from 0 to 255. 


Offset You can use Offset to identify a point inside a bracket 
where testing for the expression is to start. Offset 
values range from 0 to 65535. 


Mask You can enter a data pattern that is applied to the 
packet. If the data pattern in the mask matches the 
packet, then the specific action is performed. The 
mask indicates the bits that are significant at the 
specified offset. A bit is significant if a bit in the mask 
is set to One. If this field is empty, the length of the 
field is determined by the longest value in the Filter 
Values menu for the specified value ID. The mask 
values are entered in hexadecimal pairs. You can 
enter 0 to 8 pairs. 


Op (Operation) |When a data pattern matches a value in the Filter 
Values menu, a logical operation is performed to 
determine if the specified action should be taken. 
Valid operations include: 


L) EQ (equal) 

J NE (not equal) 

1 GT (greater than) 

LT (less than or equal) 


Value ID Each expression contains a value ID. Value ID 
represents a value in the Filter Values menu. The 
bytes after the packet offset are compared to the 
data pattern indicated by the value. Value ID can be 
from 0 to 255 and must match one or more value IDs 
in the Filter Values menu. 


Action You can set the action to Pass, Drop, or And. If you set 
the action to And, the filter expression with the next 
highest sequence is applied. 
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Ethernet Advanced Filter Example 

The following example shows how to use Ethernet Advanced Filters to 
discard all DIX IP multicast frames except those from a selected list of 
Ethernet stations. 


Set the following filter values for this example. 


4 Access Point Configuration - Microsoft Internet Explorer (05) x 
| File Edit Yiew Favorites Tools Help Ei 
| eBack ~ => ~ & [2] | Asearch Gejravorites CBristory | Eh~ & 

Address [@] hetp://149.95.50.2/pubjwekcomehtm SS s—s—~—sSsSsSsSSSSSS Go | Links 


Az Alligd Telesyn ; 

: co Ie ey Access Point Configuration 

imply connecting the @® world 

Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
Ethernet/Ethernet Filters/Advanced Filters/Filter Values/ 


Submit Changes 


AP Configuratior 
ETCP/P Settings 
EGIEEE 802.11B Ra¢ 
EaSpanning Tree Setti 
‘aa Ethernet 

‘ea Ethernet Filters 

[El Address Ta 
[E)Frame Type 
[E)Predefined ; 
Customizab 
‘aa Advanced F 

(2) Filter Va 

[2] Filter Ex 


ESL Tunnels a 
> 


foocob2000001 
Joocob2000002 
Joocob2000003 


Oa A wR) wee 
1 


| | Internet 


Figure 29 Filter Values Screen - Example 


Three value entries have the same value ID of 3 to demonstrate how to 
enter alist. All entries with the same value ID belong to the same list. 


The following table explains the values used in the Filter Values. 


Value ID Value Description 
1 0800 Check for a DIX IP frame. 
2 01 Check for a multicast/broadcast 
frame. 
3 00c0b2000001 | Check for these specific Ethernet 
00c0b2000002 ‘| station addresses. 
00c0b2000003 
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Set the first filter expression as shown below. 


4 Access Point Configuration - Microsoft Internet Explorer -/5) x| 


| File Edit View Favorites Tools Help 


| eBak > > ~ @ | GQsearch fyravorites CBristory | E4~ SH 


| Address [4] http://149.35.50.2/pubjwelcome.htm >| @60 || Links > 


, Allied Telesyn 


Simply connecting the (G) world 


AP Configuratior 


EE}TCP/P Settings 
GMIEEE 802.11B Ra¢ 
EaSpanning Tree Setti 

‘a Ethernet 

‘ea Ethernet Filters 
Address Ta 
Frame Type 
Predefined § 
Customizab: 
‘a Advanced F 
Filter Va 
Filter Ex 


EAP Tunnels = 
rf 


Access Point Configuration 


Figure 30 Filter Expressions Screen #1 - Example 


The following table explains the values used in the first filter expression. 


Parameter Value Explanation 

ExprSeq iE This is the first expression. 

Offset 0 The offset is zero. Look at the first 
byte of the destination address. 

Mask 01 Only check the Ethernet multicast 
bit. 

OP EQ Compare the value at the offset to 


the value specified on the Filter 
Values menu to see if they are 
equal. (If the value at the offset 
equals the specified value on the 
Filter Values menu, the frame is 
multicast, in this example.) 
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Parameter Value Explanation 


Value ID 2 Use the value from the Filter 
Values menu whose value ID is 2. 


Action And If this filter expression is true, 
continue to the next expression. 


Set the second filter expression as shown below. 


os 
| File Edit View Favorites Tools Help Ea 
| eBak > > ~ @ Z|) GQsearch fyravorites CBristory | E4~ SH 

[Address [@] hetp://149.35.50.2/pubjwekomehim —s—s—~—sSsSsSSY Go | Links 


~ Allied Telesyn Access Point Configuration 


Simply connecting the @® world 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
Ethernet/Ethernet Filters/Advanced Filters/Filter Expressions/ 


Submit Changes 


AP Configuratior 
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Figure 31 Filter Expressions Screen #2 - Example 


The following table explains the values used in the second filter 


expression. 

Parameter Value Explanation 

ExprSeq 2 This is the second expression. 
Offset 12 The data for this express begins at 


an offset of 12 bytes from the 
beginning of the destination 
address. (Check for DIX IP frame 
type, in this example.) 
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Parameter 


Value 


Explanation 


Mask 


fff 


Check two bytes for an exact 
match. 


OP 


EQ 


Compare the value at the offset to 
the value specified on the Filter 
Values menu to see if they are 
equal. (If the value at the offset 
equals the specified value on the 
Filter Values menu, the frame is 
DIX IP, in this example.) 


Value ID 


Use the value from the Filter 
Values menu whose value ID is 1. 


Action 


And 


If this filter expression is true, 
continue to the next expression. 


Set the third filter expression as shown below. 


4 Access Point Configuration - Microsoft Internet Explorer - (5 x| 
| File Edit View Favorites Tools Help Ea 


| exBack y > ~ @ [2] G| Asearch (yFavorites CBristory | hy 


[Address [47 http://149.35.50.2/pubwelcome.htm ] P60 | |Links » 


MV Allizd Telesyn 


Simply connecting the @® world 


Access Point Configuration 


Logout | SaveDiscard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
Ethernet/Ethernet Filters/Advanced Filters/Filter Expressions/ 


AP Configuratior 


Submit Changes 


E}TCP/P Settings 
EMIEEE 802.11B Ra¢ 
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Figure 32 Filter Expressions Screen #3 - Example 


The following table explains the values used in the third filter expression. 


Parameter Value Explanation 
ExprSeq 3 This is the third expression. 
Offset 6 The data for this expression begins 


at an offset of 6 bytes from the 
beginning of the destination 
address. (Check the source 
Ethernet address, in this example.) 


Mask FEFFTFFFTTTF Check six bytes for an exact match. 


OP NE Compare the value at the offset to 
the value specified on the Filter 
Values menu to see if they are not 
equal. (Compare the source 
Ethernet address with the list of 
Ethernet addresses from the Filter 
Values menu.) 


Value ID 3 Use the value from the Filter 
Values menu whose value ID is 3. 


Action Drop If the source Ethernet address does 
not match any address included in 
the list on the Filter Values menu, 
then drop the frame. 


The three expressions in this example combine to form asingle 
compound expression. The compound expression forms an advanced 
filter that drops all DIX IP multicast frames except those from the three 
Ethernet stations whose addresses are listed on the Filter Values menu. 


The default action is always the opposite of the action specified in the 
last expression. In this example, the action of the last expression is Drop; 
therefore, the default action is Pass. Any frame that meets the conditions 
specified in the advanced filter is passed. 


AT-WL2411 Wireless Access Point Installation Guide 


Configuring IP Tunnel Filters 


Configuring IP 
Multicast 


You can set both Ethernet and IP tunnel filters, and you can create 
protocol filters for both predefined and user-defined protocol types. In 
addition, you can define arbitrary frame filters based on frame content. 


Configure IP Multicast to determine if the root will send IP multicast 
packets through its IP tunnels. You can set IP Multicast to either pass or 
drop IP multicast packets. 


To configure IP Multicast, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels, and then click Tunnel Filters. The Tunnel Filters 


screen appeals. 


nos 
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Figure 33 Tunnel Filters Screen 


3. Clickthe IP Multicast down arrow and choose Drop or Pass. When you 
are finished, click Submit Changes to save your changes. 
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Configuring IP You can define an IP address for which the access point can originate 
Addresses _ tunnelsifit is functioning as the root for the network. The tunnel can be 
configured using aclass D multicast IP address. Allied Telesyn’s default is 
224.0.1.65. 


To configure IP addresses, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32) 


2. Click IP Tunnels, and then click IP Addresses. The IP Addresses screen 
appears. 


ox) 
| File Edit View Favorites Tools Help [ # | 
| Back y => ~ @ (2) | Asearch Gejravorites CBristory | Eh~ & 

Address |Z] hetp://149.35.50.2/pubjwekomehim —ss—sSsSsSsSSSY Go | Links 


- Allied Telesyn 


Simply connecting the @® world 


Access Point Configuration 


é Pg i } | Upgi 
IP Tunnels/IP Addresses/ 


Submit Changes 
AP Configuration 


rare Address fi4935.282 0 
EaSpanning Tree Setting Address fooo 87 
GaEthemet Address foooo-t—™ 
ee, Address foooot—™ 

aTunnel Filters. Address foooo-t—™ 
EaNetwork Managemen Address foooot—™ 
GaPasswords Address foooot—™ 
gb euets Address foooo-t—™ 


\é] (1 item remaining) Downloading picture http://149.35.50.2/pub/file. gif... | | r Internet 


Figure 34 IP Addresses Screen 


3. Enter up to 8 IP addresses. When you are finished, click Submit 
Changes to save your changes. 
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Using Frame Type Filters 


Permanent IP output port filters prevent unwanted frame forwarding 
through an IP tunnel. For detailed information about frames that are 
never forwarded, see "Frame Types That Are Never Forwarded" in 

Appendix B. IP ICMP packets with the following types are forwarded: 


OY Echo Request 

Echo Reply 

Destination Unreachable 
Source Quench 

Redirect 


Alternate Host Address 


OU 

O 

O 

O 

O 

UO Time Exceeded 
QO Parameter Problem 

O Time Stamp 

LU) Time Stamp Reply 

UO) Address Mask Request 
O 


Address Mask Reply 


O) Trace Route 


An IP or ARP frame is never forwarded inbound through an IP tunnel 
unless the source IP address belongs to the home IP subnet. The home 
subnet is the IP subnet that is physically connected to the root UAP. An 
IP frame is never forwarded outbound through an IP tunnel unless the 
destination belongs to the home subnet. 


You can set action and scope. 

Action Passes or drops that type of frame. 
Scope Sets the scope of the filter. 

All All frames of that type are filtered. 


Unlisted Frames of that type are filtered only if they are notin the 
predefined or customizable IP tables. 
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To set frame type filters, do the following: 


1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels, and then click Tunnel Filters. The Tunnel Filters 
screen appears. 


3. Click Frame Type Filters. The Frame Type Filters screen appears. 
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Figure 35 Frame Type Filters Screen 


4. Setthe action and scope for any particular frames. When you are 
finished, click Submit Changes to save your changes. 


Using Predefined Subtype Filters 


You can set filters on certain frame subtypes by setting the action, 
subtype, and value of the filter. 


Action Passes or drops all frames of that type. 
Subtype Displays the frame subtype. 


Value Provides information about the subtype value. 
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To set predefined subtype filters, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels, and then click Tunnel Filters. The Tunnel Filters 
screen appears. 


3. Click Predefined Subtype Filters. The Predefined Subtype Filters 
screen appears. 
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| File Edit View Favorites Tools Help 
| seBack + <f @ [2] fa | Qsearch (Favorites ¢4History Ey & 


| Address a http://149.35.50.2/pubjwelcome. htm @Go | |Links » 
me Alligd Telesyn Access Point Configuration 


Simply connecting the @® world 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
IP Tunnels/Tunnel Filters/Predefined Subtype Filters/ 


Submit Changes 
AP Configuratior 
E\TCPAP Settings 


€aIEEE 802.11B Rac Action | SubType _‘([Value 
GiSpanning Tree Setti | DIXARP [Pass y]|DDX-EtherType 08 06 


EgEthemet r st 2 
SP Tunnels SNAP-ARP [Pass y| |SNAP-EtherType 08 06 


EDP Addresses |802.2-IPX-RIP [Pass ~] |802.2-IPX-Socket |04 53 


a Tunnel Filt , 
be eee na '802.2-IPX-SAP [Pass +] |802.2-IPX-Socket |04 52 
[E)Predefined ; | NNL Pass +| DIX-EtherType [87 5b 


E) Customizab: | NETBIOS [Pass +] |802.2-SAP £0 £0 


GaNetwork Manager 
EaPasswords ICMP Pass ¥| |DIX-IP-Protocol |00 01 


GaMaintenance = 
| 


|| [ag Internet 


Figure 36 Predefined Subtype Filters Screen 


4, Set the action for any filters you want to change. When you are 
finished, click Submit Changes to save your changes. 


Using Customizable Subtype Filters 


You can define the action, subtype, and value parameters in customized 
filters. 


Action Passes or drops all frames of that type. 


Subtype Selects the frame subtype you wish to filter. 
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Value Specifies the value of the subtype. Refer to the following 
table for the value for a specific subtype. The value must 
be two hex pairs. You must enter port values as decimals; 
for example enter "23." for port 23. The UAP displays the 
hexadecimal equivalent in the Value field on the menu. 
When a match is found between frame subtype and 
value, the specified action is taken. 


To set customized subtype filters, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels, and then click Tunnel Filters. The IP Tunnels/Tunnel 
Filters screen appears. 


3. Click Customizable Subtype Filters. The Customizable Subtype Filters 
screen appears. 
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Figure 37 Customizable Subtype Filters Screen 
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4. Configure each parameter to the desired values. When you are 
finished, click Submit Changes to save your changes. 


The following table describes frame subtypes and their values. 


Subtype Value 
DIX-IP-TCP-Port Port value in hexadecimal. 
DIX-IP-UDP-Port Port value in hexadecimal. 


DIX-IP-Protocol 


Protocol number in hexadecimal. 


DIX-IPX-Socket 


Socket value in hexadecimal. 


DIX-EtherType 


Specify the registered DIX type in hexadecimal. 


SNAP-IP-TCP-Port 


Port value in hexadecimal. 


SNAP-IP-UDP-Port 


Port value in hexadecimal. 


SNAP-IP-Protocol 


Port value in hexadecimal. 


SNAP-IPX-Socket 


Socket value in hexadecimal. 


SNAP-EtherType 


SNAP type in hexadecimal. To filter on both SNAP 
type and OUI, use advanced filters. 


802.3-IPX-Socket 


Socket value in hexadecimal. 


802.2-IPX-Socket 


Socket value in hexadecimal. 


802.2-SAP 


802.2 SAP in hexadecimal. 


Creating IP Tunnels 


For more information, see Appendix B, "Understanding IP." 
To create an IP tunnel, do the following: 


1. Configure the root UAP to originate the tunnel. 


2. Specify the IP addresses of the UAPs that will listen at the other end of 
each tunnel. 


IP Tunnel Filter = The next examples illustrate how to set filters to optimize wireless 
Examples _ performance. The sample network illustrated next includes 


UO wireless stations using IP. 


QO asecondary LAN containing IP and IPX hosts, linked by UAP 2 and 
UAP 4. 


QO an!PX router connecting to another Novell network. 


OY DIX and 802.3 SNAP frames. 


Many networks use only one Ethernet frame type. DIX is the most 
common type. Set filters only for the Ethernet types found on your 
network. 


IP Host Novell Server 


IPX Router 


#3| IP Wireless IP Host IPX Host 


= ee Stations 
woo E 
UAP 4 = 
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Example 1 


UAPs 1, 3, 5, and 6 service only IP end devices. These UAPs need to pass 
IP traffic, but eliminate IPX traffic that does not need to be forwarded to 
the primary or secondary LAN. Filter the IPX frames in the Ethernet 
Frame Type Filter table. No subtype filters are needed. 


Example 2 


UAPs 2 and 4 service IP end devices as well as wired IP and IPX hosts on 
the secondary LAN. In addition, these UAPs pass IPX traffic. The IPX 
router in this network periodically sends IPX RIP frames for coordinating 
with other routers. These do not need to be forwarded to the secondary 
LAN because the secondary LAN does not contain a router. 


To filter the IPX RIP frames, you need to configure subtype filters. This 
example sets filters for three different cases: DIX, 802.2, and 802.3 SNAP 
frames. In many actual networks, only one type of filter is required 
because all stations are configured using one of the three options. 


For this example, set the following options in the Ethernet Frame Type 
Filters screen. 


4W Access Point Configuration - Microsoft Internet Explorer - (0) x 


| File Edit View Favorites Tools Help Ea 
| Back ~ => ~ & (2) Gb) Gsearch Geyravorites CHristory | Eh~ Sp 
| | Address je] http: //149,35.50.2/pub/welcome. htm +] @Go |Links bed 


MAW Allied Telesyn 


Simply connecting the @® world 


Se eee 
Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 


IP Tunnels/Tunnel Filters/Frame Type Filters/ Help 


Access Point Configuration 


Submit Changes 


AP Configuration 
EE\TCPAP Settings 


GSIEEE 802.11B Radio | Action | Scope 
GASpanning Tree Setting DIXIP-TCPPorts [Pass ~][Al =] 
GSEthernet j 
iP Tunnels DIX-IP-UDP Ports [Pass >| [AI Y 
EP Addresses DIX-IP-Other Protocols [Pass ~] far >| 
ees DIGIPX Sockets [Pass =] [Unisted =] 
E)Predefined Sut DIX-Other EtherTypes [Pass >] [Unlisted >| 
OR ere SNAPIP-TCP Ports [Pass =|Al =] 
EaPasswords SNAP-IP-UDP Ports [Pass >| | a | 
GaMaintenance SNAP-IP-Other Protocols [Pass ~] [Unlisted >] 
SNAP-IPX Sockets [Pass >] [Unlisted >| 
SNAP-Other EtherTypes [Pass ¥] [Unlisted >] 
802.3-IPX Sockets [Pass ¥] [Unlisted >| 
802.2-IPK Sockets [Pass >] [Unlisted >] 
: a 802.2-Other SAPs [Pass =] [Unlisted =] - 
(] Done [| [e@ internet Y 


Figure 38 Frame Type Filters Screen - Example 
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You need to use subtype filters to drop IPX RIP for 802.2, DIX, and 802.3 
frames. Use the settings shown next on the Ethernet Predefined Subtype 
Filter table to filter IPX RIP for 802.2 frames. 


Settings for Ethernet Filter Example 2 
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Figure 39 Predefined Subtype Filters Screen - Example 
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Use the settings shown next on the Ethernet Customizable Subtype 
Filter table to filter DIX-IPX for 802.3 IPX. 
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Figure 40 Customizable Subtype Filters Screen - Example 


Example 3 


If you have a Windows NT server and want to use DHCP for automatic 
address assignment for an end device on a remote subnet, you need to 
set the following filters to allow for the necessary IP tunneling. See 
"Configuring Ethernet Filters" and "Configuring IP Tunnel Filters" for 
information about how to configure these settings. 


1. On the UAP that originates the tunnel, set 
QO IP Multicast to Pass. 


Q) DIX-IP-UDP Ports to Pass All in the IP Tunnel Frame Type Filter 
table. 


2. Onthe UAP that terminates the tunnel, set 


Q) DIX-IP-UDP Ports to Pass All in the IP Tunnel Frame Type Filter 
table. 
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Configuring 
Mode 


Configuring 
IGMP 


Example 4 


If you have a Linux or Unix DHCP server and want to use DHCP for 
automatic address assignment for an end device on aremote subnet, set 
DIX-IP-UDP Port to Pass All in the IP Tunnel Frame Type Filter table. 


Mode controls whether the UAP listens for an IP tunnel or originates IP 
tunnel connections with other UAPs. 


To configure Mode, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels. The IP Tunnels screen appears. 
3. Click the Mode down arrow and choose Listen or Originate If Root. 


Listen The UAP can serve as the termination of a tunnel if the 
UAP is the designated bridge for the subnet. The UAP cannot 
Originate a tunnel. 


Originate If Root The UAP can originate IP tunnels if it is 
functioning as the root for the network. 


When you are finished, click Submit Changes to save your 
changes. 


Internet Group Management Protocol (IGMP) lets you establish multiple 
IP tunnels using a single multicast IP address. If you enable IGMP, the 
root UAP uses a Class D IP multicast address to send IP Hello packets 
through routers to UAPs on other IP subnets. 


Enabling IGMP on remote IP subnets causes intermediate IP routers to 
forward the IP hello packets to those subnets. Using IP multicast and 
IGMP for IP Hello packets has these advantages: 


UO Allows you to establish multiple tunnels with a single address. 


QO Causes IP Hello packets to be forwarded only to those IP subnets 
that participate in the multicast group. 


UO) Increases redundancy because multiple UAPs on aremote subnet 
can receive IP Hello packets. 
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To configure IGMP, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels. The IP Tunnels screen appears. 
3. Click the IGMP down arrow and choose Enabled or Disabled. 
Enabled Causes the root UAP to use a Class D IP multicast 


address to send IP Hello packets through routers to UAPs on other 
IP subnets. 


Disabled Causes the root UAP not to use a Class D IP multicast 
address to send IP Hello packets through routers to UAPs on other 
IP subnets. 


When you are finished, click Submit Changes to save your 
changes. 


Chapter 6 
Troubleshootingand Maintaining 
the AT-WL2411 UAP 


This chapter explains how to upgrade the AT-WL2411 UAP firmware. 
This chapter also explains how to troubleshoot and maintain the UAP. 


Analyzing the AT-WL2411 UAP 


You can view different parameters configured for the AT-WL2411 UAP, 
including port statistics, connections, and a configuration summary. The 
information on these screens may be needed when you call Allied 
Telesyn Technical Support. 


Viewing AP AP Connections shows information about the devices in the spanning 
Connections — subtree. 


To view AP connections 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Maintenance. 
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3. Click AP Connections. The read-only AP Connections screen appears. 
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Figure 41 AP Connections Screen 


Viewing Port The Port Statistics screen shows the total number of frames and bytes 


Statistics that the access point has transmitted and received since it was last 
booted. 


To view port statistics, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Maintenance. 


101 


102 


3. Click Port Statistics. The read-only Port Statistics screen appears. 
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Figure 42 Port Statistics Screen 


Viewing the — Configuration Summary summarizes the major configuration settings 
Configuration and installed hardware for the access point. 


Summary To view the configuration summary, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Maintenance. 
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3. Click Configuration Summary. The read-only Configuration Summary 
screen appears listing each parameter in the access point and its 
current configuration. 
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Figure 43 Configuration Summary Screen 


Viewing About this Access Point shows information about the UAP including 
Information software versions, radio versions, and MAC addresses. 


About the UAP 5, view About this Access Point, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Maintenance. 
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3. Click About this Access Point. The read-only About this Access Point 
screen appears. 
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Understanding the LED Lighting Sequence 


When the UAP is powered on, the LEDs flash as the UAP boots and 
performs internal diagnostics. The table below describes the LED activity 
during the boot process. 


Power Wireless #1 | Wireless #2 |WiredLAN /Root/Error |Description 

On Off Off Off On Flash checksum 
being calculated. 

On On Off Off On Flash checksum 
failure. 

On Off Off On Off RAM test in 
progress. 

On On Off On Off RAM test failure. 

On Off On Off Off Monitor loading in 
progress. 

On Off On Off On Ethernet test in 
progress. 

On On On Off On Ethernet test failure 


After the UAP successfully boots, the LEDs display the following pattern: 


Power Wireless #1 |Wireless #2 |Wired LAN | Root/Error 
On Flashes Flashes (if Flashes Flashes if the 
radio UAP is 
installed) configured 
as the root. 
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Upgrading the AT-W1L2411 UAP Firmware 
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Using a Web 
Browser 


For optimal performance, you should install the most current firmware 
version on all the UAPs in your network. Firmware releases are available 
from the Product Support Page on the Allied Telesyn Web site. 


You can install the firmware release using 


L) aWeb browser session. For more information, see "Using a Web 
Browser," in the next section. 


OW aserial connection. For more information, see Using a Serial 
Connection on page 110. 


L) aTFTIP transfer via a Telnet session. For more information, see 
Using a TFTP Transfer on page 112. 


To upgrade the firmware using a Web browser session, you must first 
install the firmware release on your PC, and then upload the release to 
your UAP. 


The latest version of the UAP firmware is available from the Allied 
Telesyn web site at www.alliedtelesyn.com. To install the firmware 
release on your PC, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Navigate to http://alliedtelesyn.com/2411firmware. 
3. Choose the firmware release. 
After you have the installed the firmware release on your PC, use the 


Web browser interface to upload the file from your PC to the access 
point. 


You can choose to upload the file using one of the following Web 
methods: 


QO) HTTP 


QO TFTIP 
You must havea TFTP server installed to use the TFTP upgrade option. 


In addition, you can upload the files using a communications program. 
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To upload the firmware release using HTTP, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Software Upgrade (HTTP). The Software Upgrade screen 
appears. 


4 Access Point Configuration - Microsoft Internet Explorer : -/O) x| 


| File Edit View Favorites Tools Help 
| eBak > > ~ @ |) Qsearch fayravorites CHristory | E4~ | 
| Address 48] http://149.35.50.2/pubjwelcome.htm x| @Go || Links >» 


MV. Allied Telesyn 


Simply connecting the @® world 


Access Point Configuration 


Logout | Save/Discard Changes | Software Upgrade (HTTP) | Upgrade Other Access Points | Software Upgrade (TFTP) 
Software Upgrade 


AP Configuration Enter or select the name of the firmware upgrade file: 
E\TCP/LP Settings 
GSIEEE 802.11B Radio 
. 
ee Tree Setting _Upgrade | 
ESP Tunnels 
‘ea Network Managemetr 


ee Lo 4 unity S Before upgrading the access point firmware, you must obtain an upgrade file from our 
asswords 


web site at http:/Avww.alliedtelesyn.com/2411firmware. Once you have the file, use 
this page to upgrade this access pot. Enter the file name in the input field above or 
click the "Browse..." button to open a file selection dialog. When the correct file name 
is displayed in the input field, click the "Upgrade" button to start the upgrade. 


Browse 


EaMaintenance 


The upgrade will take up to three minutes to complete. Once it finishes successfully, 


| 


\é] (1 item remaining) Downloading picture http://149.35.50.2/pub/bkgrnd. gif... 


Figure 45 Software Upgrade Screen (HTTP) 


3. Enter the name of the upgrade file, or click the Browse button to find 
the file. 


4. Click Upgrade to start the upgrade. The upgrade may take up to three 
minutes to complete. 


5. When the upgrade is complete, reboot the access point to activate 
the new firmware. 


To upload the firmware release using TFTP, do the following: 
1. Establish a Web browser session if you have not already done so. For 


more information, see Establishing a Web Browser Session on page 
32. 
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2. Click Software Upgrade (TFTP). The Software Upgrade screen 
appears. 
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Figure 46 Software Upgrade Screen (TFTP) 
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3. Click Automated Software Download. The Automated Software 
Download screen appears. 
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Figure 47 Automated Software Download Screen 
4. Configure the following parameters: 
Server IP Address The IP address of your TFTP server. 


Script File Name The location of the upgrade script 
file on the TFTP server. 


Start Time The time the upgrade should start. 


5. Click Start. The upgrade will start when the Start Time expires. The 
UAP reboots when the upgrade is complete. 


lf the upgrade is unsuccessful, the TFTP server prints an error 
message. When you have corrected the problem, repeat steps 2 
through 5. 


6. Click Maintenance, and then click About this Access Point to verify the 
new firmware versions. 


110 


Using a Serial 
Connection 


To upgrade the firmware using a serial connection, you must have the 
firmware release files on your PC and have an RS-232 null-modem cable 
connecting the UAP to your PC. For more information, see the release 
notes that accompany the firmware upgrade. 


To upgrade the firmware using a serial connection, do the following: 


1. Configure the following communications parameters on your PC: 


Baud rate 9600 
Data bits 8 
Parity none 
Stop bit tt 
Flow control none 


2. Rebootthe UAP and enterthe UAP monitor by pressing any key when 
asked. The UAP prompt (uap>) appears. 


3. Type “srvc” and press Enter. 


4. Type the service password. The default password is EV98203S (case- 
sensitive). The service prompt (service>) appears. 


5. Type “fd” and press Enter. The file directory appears. 
6. Scroll up until you see a section similar to the following: 


Startup Segment: This startup =1, Next startup =1 
Data Segment: This startup =3, Next startup =3 


7. \dentify the startup and data segments for this startup-these are the 
current segments. In this example, the active startup segment is 1, 
and the active data segment is 3. 


You will first erase the inactive segments, and then you will load 
the new firmware into the inactive segments and make those 
segments active. In this example, the inactive segments are 2 and 
4. 


8. Erase the inactive startup segment. Type “fe 2” at the service prompt 
and press Enter. A 'P’ appears when the segment is erased. 


9. Erase the inactive datasegment. Type ‘fe 4” at the service prompt and 
press Enter. A 'P’ appears when the segment is erased. 


10. Transfer the startup files to the inactive startup segment. 


a. At the service prompt, type “fx s” (where s is the inactive startup 
segment), and press Enter. A series of Cs appears on your screen. 
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b. Click Transfer, and then click Send File. The Send File dialog box 


appears. 


‘ Send File 2] x| 
Folder: A:\STARTUP 


Filename: 
JAAS TARTUP‘Uap.dnl 


Protocol: 


[Y¥modem 7] 
Send | Close | Cancel | 


Figure 48 Send File Dialog Box 


Click the Protocol down arrow and choose Ymodem. 


Browse to the location where UAP.DNL is saved. Double-click this 
file. The file name appears in the Filename field. 


Click Send to start the file transfer. A 'P’ appears when the transfer 
is complete. 


11. Transfer the data files to the inactive data segment. 


a. 


b. 


d. 


At the service prompt, type fx s (where s is the inactive data 
segment), and press Enter. A series of Cs appears on your screen. 


Click Transfer, and then click Send File. The Send File dialog box 
appears. 


Browse to the location where the data files are saved. Double-click 
any data file. This file name appears in the Filename field. 


To transfer all the data files at once, replace the specific file name 
with an asterisk (*). For example, if the file name is 
c:\2411uap\data\applets.dnl, change it to c:\2411uap\data\*.dnl. 


Click Send to start the file transfer. A 'P’ appears when the transfer 
is complete. 


12. Activate the inactive startup segment by typing fb s (wheres is the 
inactive startup segment) at the service prompt and pressing Enter. A 
'P’ appears when the operation is complete. 


13. Activate the inactive data segment by typing fb s (where sis the 
inactive data segment) at the service prompt and pressing Enter. A ’P’ 
appears when the operation is complete. 


14. Repeat steps 10 through 13 for the second startup file, uapboot.dn. 
15. Type x at the service prompt to return to the uap prompt. 
16. To reboot the UAP, type b and press Enter. 


17. Reconfigure the UAP for your installation, if necessary, and save the 
configuration. To activate the configuration, reboot the UAP. 
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Using a TFTP 
Transfer 


To upgrade the firmware using a TFTP transfer, you must have a TFTP 
server installed. When you execute the script file, UPGRADE.DNL, that is 
included with the firmware release, a TFTP transfer copies all the startup 
and data files to the UAP. For more information, see the release notes 
that accompany the firmware upgrade. 


To upgrade the firmware using a TFTP transfer, do the following: 


1. Start your TFTP server. 
2. Establish a Telnet session with the UAP. 


3. Choose the Maintenance command, and then choose Command 
Console. 


4. Use the sdvars set serveripaddress command to specify the IP address 
of the TFTP server. For example, if the server IP address is 
151.60.110.241, type: 


sdvars set serveripaddress 151.60.110.241 


5. Usethe sdvars set scriptfilename command to identify the script file. 
Type: 


sdvars set scriptfilename c\2411luap\upgrade.dnl 


6. Usethe sdvars set starttime command to set the start time forthe 
upgrade in dd:hh:mmiss format. Start time is a countdown time; 
when the timer expires, the download begins. You can enter days, 
hours, minutes, and seconds in the Start Time field. For example, to 
start the upgrade in two hours and ten minutes, type: 


sdvars set starttime 00:02:10:00 


When the starttime computer reaches zero, the upgrade begins. 
The UAP reboots after the upgrade is complete. 
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Upgrading Other UAPs 


After you have upgraded the root UAP, you can upgrade the other UAPs 
in your network. 


Note 
You MUST perform the Upgrade Other UAPs from the root UAP. 


To upgrade other UAPs, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 


32. 


2. Click Upgrade Other Access Points. The Network Software Upgrade 
screen appears. 
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Figure 49 Network Software Upgrade Screen 
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3. Click the check box next to each UAP you want to upgrade to select, 
or click Select All Access Points to select all of your UAPs. 


4. Click the Now down arrow and select atime to start the upgrade. You 
can choose to start the upgrade immediately or you can delay the 
start of the upgrade one to twelve hours. 


5. Click the From this UAP down arrow and select the source for the 
upgrade. You can choose to use the version that the root access point 
is currently running, or you can use a backup copy. 


6. Click the Upgrade UAPs down arrow and select the access points that 
will be rebooted after the upgrade is complete. You can choose to 
reboot only the upgraded UAPs, or you can choose to upgrade all the 
UAPs. 


7. Click Start Upgrade. The upgrade starts at the time you specified. 
Each UAP on a wired LAN requires approximately three minutes to 
upgrade (slightly longer for wireless UAPs). The browser screen updates 
every 30 seconds as the upgrade progresses and shows the final status 
when all upgrades are complete. If you selected Reboot All Access 


Points, the browser disconnects. Press Refresh on your browser to log in 
again. 


Errors may occur during the upgrade or during the final reboot. If an 
error occurs, an explanation appears on the browser screen. 


If an error occurs during the upgrade, none of the access points reboot. 
You should 

1. recheck the UAPs where the error occurred. 

2. press Start Upgrade to attempt the upgrade again. 


If the upgrade is successful, the UAPs will reboot according to your 
Reboot selection. 


If an error occurs during reboot, you should 


1. wait five minutes for the access points that did not reboot to refresh. 


2. refresh your browser screen and check the access points that are not 
running the new version. 


3. press Start Upgrade to attempt the upgrade again. 


If the upgrade is successful, the UAPs will reboot according to your 
Reboot selection. 


Using SNMP 


Configuring the 
SNMP 
Community 


3 Access Point Configuration - Microsoft Internet Explorer a= 
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The UAP supports SNMP management. Contact your Allied Telesyn 
representative for information about obtaining a copy of the MIB. The 
passwords for accessing the SNMP community table are shown below. 


Type of Access MIB Password 


read only public 


read/write CR52401 


Simple Network Management Protocol (SNMP) community strings are 
passwords used by SNMP. When you use an SNMP client, you must enter 
the correct community string to gain access to the UAP SNMP interface. 


To configure the SNMP community, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Network Management, and then click Community Strings. The 
Community Strings screen appears. 
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Figure 50 Community Strings Screen 
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3. Configure the SNMP community parameters. When you are finished, 
click Submit Changes to save your changes. 


The following table explains the SNMP community parameters. 
Parameter Description 
SNMP Read Community Allows read-only access. Defaults to public. 


SNMP Write Community Allows read/write access. Defaults to 
CR52401. 


SNMP Secret Community Allows read/write access to change the 
community strings. Defaults to Secret. 
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Troubleshooting the Radio 


If the radio is faulty or the configuration matrix string is incorrect, the 
LEDs on the UAP display the following pattern after the UAP boots: 


Power Wireless #1 Wired LAN Root/Error 
On Off On On 


If you are connected to the UAP through a serial connection, an error 
message also appears on your terminal or PC. The error messages are 
described in the following table. 


Error Message Explanation 

Couldn't read country code from radio The radio may be faulty. Contact your Allied Telesyn 
representative. 

Radio A has unknown country code The radio may have been configured incorrectly at 
the factory. Contact your Allied Telesyn 
representative. 


Invalid country code in string for radio The country code in the configuration matrix string 
does not match the country code in the radio in the 
UAP. Contact your Allied Telesyn representative. 


Radio string doesn't match radio installed |When this error message appears, additional 
information also appears on the screen. The radio 
may be faulty. Contact your Allied Telesyn 
representative. 
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Commonly Asked Technical Support Questions 


Refer to the following table for solutions and answers to common 
problems and questions concerning the AT-WL2411 unit. 


Problem/Question 


Possible Solution/Answer 


Is the UAP fully booted? 


When the UAP is fully booted, the Power LED 
remains steady green and the Wired LAN LED flashes. 


The Power LED is not on. 


The UAP may have a hardware problem. 


L. 


Make sure the power cable is firmly plugged into 
the UAP and the power source. 


. Unplug the UAP, and then plug it back into the 


power source. Verify that the Power LED remains 
on. 


. Call Allied Telesyn Technical Support. 


You cannot configure the UAP locally 
using the Serial port. 


. Verify that you are using a null-modem cable to 


connect the UAP to your terminal or PC. 


. Verify that your terminal or PC is set to 9600, N, 8, 


1, no flow control. 


. Your system may be in autobaud mode. Reboot 


and press a key once per second until the signon 
screen appears. 


You cannot ping or Telnet to a new UAP. 


You must set an IP address and subnet mask using 
the serial port before you can remotely connect to 
the UAP. 


You cannot connect to the UAP using a 
Web browser. 


If you access the Internet through a proxy server, be 
sure you have added the IP address of the UAP to the 
Exceptions list. 


The end device cannot connect to the 
network. 


Choose AP Connections from the Maintenance 
menu and verify that the MAC address of your 
end device appears on your PC screen. If it does 
not appear, your device is not communicating 
with the UAP. Check your radio configuration 
settings. 

Verify that the UAP is not filtering out the type of 
traffic you are trying to pass through it. 
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Problem/Question 


Possible Solution/Answer 


The end device cannot synch to the UAP. 


If you are using 802.11b HR radios: 


1) Verify that the end device and the UAP have the 
same frequency and network name. 


The end devices are unable to roam to 
another AT-WL2411. 


Roaming through switches requires backward 
learning, which is part of the IEEE 802.1D standard. If 
switches in your network do not support backward 
learning, you can create a data link tunnel to force all 
radio traffic through a fixed point so that roaming is 
transparent to the bridges or switches. 


To create a data link tunnel 
1. Set Ethernet Bridging to Enable on the root UAP 


2. Set Ethernet Bridging to Disabled on all UAPs that 
are separated from the root by a bridge or switch 
that does not support backward learning. 


For more information, see Chapter 5, "Configuring 
Filters and Tunnels." 


The filters are not filtering properly. 


Check all of your filter settings. Conflicts may exist 
between the various filters. 


You need to verify the WEP keys. 


You cannot verify the WEP keys. The keys are 
encrypted after you enter them and are never 
displayed again. You may need to reconfigure your 
UAPs and end devices to reset the WEP keys. 


You need to confirm which master a WAP 
is connected to. 


To verify that a WAP is communicating with a 
particular UAP, view the AP Connections screen for 
the UAP. Click Maintenance, and then click AP 
Connections. 
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Problem/Question 


Possible Solution/Answer 


You cannot establish an IP tunnel to a UAP 
on aremote subnet. 


1. 


Click TCP/IP Settings and verify that the IP Router 
(Gateway) address is correct. 


. Click Spanning Tree Settings and verify that the 


UAPs on both ends of the tunnel have the same 
LAN ID. 


. Click IP Addresses from the IP Tunnels menu to 


verify that the IP address of the remote UAP 
appears in the IP Addresses list. 


The throughput seems slow. 


Verify that your antennas are well placed and 
that they are not blocked by metal or other 
obstacles. 

You may want to add asecond UAP and 
implement roaming if you move the antenna 
closer to the device and throughput increases. 


You may be able to set filters to eliminate Ethernet 
traffic on the wireless side of the network. For more 
information about filters, see Chapter 5, "Configuring 
Filters and Tunnels." 
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Getting Help with Your Installation 


The AT-WL2411 UAP is designed to be easy to install and configure; 
however, you may need to call Allied Telesyn Technical Support if you 
have problems. Before calling, be sure you can answer the following 
questions: 


Q What kind of network are you using? 
LY What were you doing when the error occurred? 
1 What error message did you see? 


QO Can you reproduce the problem? 


QO What versions of UAP firmware are you using? 
To confirm the firmware version on your UAP, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click Maintenance, and then click About this Access Point. The About 
this Access Point screen appears. 


3 Access Point Configuration - Microsoft Internet Explorer - 


| File Edit View Favorites Tools Help 
| eBak > > ~ @ 4) Qsearch fSyFavorites CHristory | E4~ GH 
| Address [48] http://149.35.50.2/pubjwelcome.htm y| @Go {Links » 


~ Allied Telesyn 


Simply connecting the @® world 


Access Point Configuration 


AP Boot code version 
AP Configuration AP Code version * 
)TCPAP Settings AP Software Release -50 - Enterprise Configuration 
GalIEEE 802.11B Radio System up-time days - 4 hrs 


Spanning Tree Setting: Total flash memory 2097152 
GiEthernet Total RAM 4194304 
GaP Tunnels Available RAM 1800840 
GaNetwork Managemen 

EaPasswords 


Maintenance Port MAC Addresses: 


Ethernet 00°510:40:01:0d:as 
[E) AP Connections IEEE 802.11B Radio 00:02:2d:0a:87:ac 
[E)Port Statistics 


(2) Configuration Surr IEEE 802.115 Radio Versions: 


Primary Firmware 4.04 
E) About this Access Station Firmware 7.28 


Tertiary Firmware Taras] 


| 


Figure 51 About this Access Point Screen 


You should have the information on this screen available when you call 
Allied Telesyn Technical Support. 
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Chapter 7 
Advanced Features 


This chapter describes the UAP monitor, Console Command mode, and 
how to use script files to update the system files. 


Using the UAP Monitor 


The UAP monitor is the system software that controls the UAP. You can 
use UAP monitor commands to manipulate the UAP file segments. 


Understanding = The VAP has the following five segments in its file system: 


UAP Segments 
O) The current active boot or startup segment (can be segment 1 or 
2) 


QO The current inactive boot or startup segment (can be segment 1 
or 2) 


OY The current active data segment (can be segment 3 or 4) 


QO The current inactive data segment (can be segment 3 or 4) 


UO TheRAM memory segment 


You can enter commands to manipulate the boot and data segments. 
For instance, you typically download a new firmware version into an 
inactive segment and then make that segment active the next time the 
UAP boots. For more information on upgrading the UAP firmware, see 
Chapter 6, "Troubleshooting and Maintaining the AT-WL2411 UAP." 
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Entering the You can access the UAP monitor only through the serial port and only 
UAP Monitor during the boot process. 


To enter the UAP monitor, do the following: 


Q) Press any key on the keyboard when you see this message 
displayed during the boot process: 


<Press any key within 5 seconds to enter the 
UAP monitor> 


Note 
Certain functions available through the UAP monitor can erase your 


configuration information. Allied Telesyn strongly recommends 
that you only use the UAP monitor when absolutely necessary. For 
example, you might use the UAP monitor to upgrade your firmware 
or when instructed to do so by qualified Allied Telesyn personnel. 


Using UAP Monitor Commands 
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When you are in the UAP monitor, the UAP prompt (uap>) appears. You 
can display a list of UAP monitor commands anytime you see the UAP 
prompt. 


To display UAP monitor commands, do the following: 


Q) Press a letter or number key on the keyboard, and then press 
Enter. A list of UAP monitor commands appears. 


Note 

If you type the letter B (upper or lower case) and press Enter, the UAP 
will reboot. Type any letter or number OTHER than B to display UAP 
commands. 


The following example shows the list of available UAP commands. The 
commands are not case sensitive; you can type the commands using 
either upper or lower case. 


UAP Monitor V4.03 July 17,2000 
<Press any key within 5 seconds to enter the UAP monitor> 


uap>d 


B -Reboot | -Device IDs 


menu 
FX s -Ymodem File Download | MR —-Display 
Mfg Record 
FD -File System Directory | TEST -Test Menu 
FR -Run Flash Startup File | SRVC -Service Menu 
-Manufacturing Menu | SR z -Serial Baud Rate 
uap> 
Purpose 


Deletes the most recent data record and remains in Accumulate mode. If 
no data exists, a null string is entered. 


Syntax 


B 
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Purpose 


Performs a Ymodem batch protocol download of a file into the flash 
segment that is specified by s. 


Syntax 
FX s 


where sis segment 1, 2, 3, or 4. 


Purpose 


Displays the flash file system directory, including information about the 
boot file. 


Syntax 
FD 


Purpose 


Finds the first executable file in the UAP boot segment and tries to run it; 
therefore, the first executable file in the UAP boot segment must be the 
boot file. 


Syntax 
FR 


Purpose 


Displays the manufacturing record for the UAP. Use the MR command to 
display the MAC address, configuration string, and serial number for 
your UAP. 

Syntax 

MR 

Purpose 

The SR command sets the baud rate of the UAP. 

Syntax 

SR z 


where zis the baud rate. 
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You must enter the baud rate as a whole number with no commas. For 
example, to enter a baud rate of 19,200, you must enter 19200. 


Setting Autobaud Using the SR Command 


You can use autobaud to let the UAP set its baud rate to match the baud 
rate of your terminal, up to a baud rate of 115,200. 


To set Autobaud using SR, do the following: 


1. Set the baud rate to 0 using SR. 


2. Press Enter twice. The autobaud feature automatically detects the 
baud rate of yourterminal and sets the baud rate of the UAP to match. 
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Using Service Mode Commands 


SRVC 


Use service mode to perform certain file functions. Because service 
mode commands can cause undesirable results if not properly executed, 
you should contact Allied Telesyn Technical Support for assistance if you 
are unsure about the proper procedure to use. 


Use the SRVC command to enter service mode. In service mode, you can 
perform file functions such as deleting a file and performing a Ymodem 
download through the serial port. 


To enter service mode, do the following: 


1. Type SRVC and press Enter. 


2. 2.Entera password. The default password is EV98203S (case 
sensitive). 


When you are in service mode, the service prompt (Service>) appears. 
Service mode has a set of defined commands that you can use. 


To display service mode commands, do the following: 


QO) Type any letter or number (other than B) and press Enter. The 
service commands appear on the screen. 


UAP Monitor V4.03 July 17,2000 
Press any key within 5 seconds to enter the UAP monitor> 


uap>srvc 
Enter password : *****xxx 
service>d 


-—-"service>’“ commands... 


FDEL f (s)- File Delete RU - Reset Upgrade 
Bytes 

FE <s|all>- Erase Segment (s) DU -— Display Upgrade 
Bytes 

FI — File System Reset PN — Normal power up 
FFR f (s) - Run File | PQ — Quiet power up 

FX s - Ymodem File Download B — Reboot 

FB bs (ds)- Set Boot/Data Segments| X - Exit 


fe -— File System Directory | SU b -— Set Upgrade Byte 


Most of the commands that you use in service mode are also used in the 
UAP monitor or console command mode and are described in those 
sections in this chapter. Some additional service commands you may 
need are listed next. 
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Purpose 

Runs a program that is specified by f, from a location specified by s. 
Syntax 

FFR f (s) 

where: 

f isthe program name. 

S is the optional segment location of the program. 

Example: To run program UAPBOOT.PRG from segment 1, enter: 


FFR UAPBOOT.PRG 1 


Purpose 


Returns the UAP to normal mode from quiet mode. 
Syntax 
PN 


To return the UAP to normal mode 


1. Reboot the UAP. 


2. TheLEDs flash on and off during the reboot. When the LEDs flash off 
and only the Power LED remainslit, type !!! (three exclamation points). 
The UAP prompt (uap>) appears. 


3. Type SRVC and press Enter. 


4. Type the service password (the default is EV98203S) and press Enter. 
The service prompt (Service>) appears. 


5. Type PN and press Enter. 
6. Type Bto reboot the UAP in normal mode. 


Purpose 


Puts the UAP in quiet mode. When the UAP isin quiet mode, you cannot 
access the UAP monitor. You may want to use quiet mode for security 
reasons. 

Syntax 


PQ 
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Using Test Mode Commands 


TEST 


Within the UAP monitor, test mode allows you to perform certain test 
functions. Because the commands can cause undesirable results if not 
properly executed, you should contact Allied Telesyn Technical Support 
for assistance if you are unsure about the proper procedure to use. 


Purpose 


Allows you to enter test mode where you can perform a variety of test 
functions. 


Syntax 
TEST 
To enter test mode, do the following: 


1. Type TEST and press Enter. 
2. Enter a password. The default password is EV98203T (case sensitive). 


When you are in test mode, the test prompt (test>) appears. Test mode 
has a set of defined commands that you can use. 


To display test mode commands, do the following: 


QO Type any letter or number other than B and press Enter. The test 
commands appear on the screen. 


UAP Monitor V4.03 July 17, 2000 
<Press any key within 5 seconds to enter the UAP monitor> 


uap>test 
Enter password : *****x*xx 


test>d 


E - LED Test MWW s d..d -—- Memory word 


Write 

MACE — MACE Test Menu MRB s 1 — Memory byte 
Read 

MF s 1 —- Memory Fill MWB s d..d - Memory byte 
Write 

MV sl -— Memory Verify SD — Get DRAM Size 
(K) 

MR s 1 - Memory dword Read SF - Get Flash Size 
(K) 

MW s d..d- Memory dword Write| X - Exit 

MRW s 1 — Memory word Read 
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Another way you can access the UAP file system is through Console 
Command mode. Use Console Command mode to upgrade UAPs using 
TFTP and Script files. 
To enter Console Command mode, do the following: 

LU) Choose Command Console from the Maintenance menu. 
When you first enter Console Command mode, a list of valid console 
commands appears. You can display the console commands any time 
you are in Console Command mode. 
To display console commands, do the following: 


QO) Type F and press Enter. The following screen appears. 


Command Description 

Fb fb <boot segment> <data segment> 

Fd fd (<segment> | all) - directory list 
Fdel fdel <filename> - delete file 


rs fe (<segment> | all) - erase 


segment (s) 


Tftp File transfer 

Seript Execute script files 

SDVars Software Download variables 
Exit Return to main menu 


? Display this help 


To exit Console Command mode, do the following: 
QO) Type exit and press Enter. 


Several file menu commands require that you enter file names. To 
indicate the segment where the file is located, precede the file name 
with either a segment number or name followed by a colon. For 
example: 


l:uap.prg 


refers to the file named UAP.PRG that is located in segment 1. If you do 
not specify a segment name or number, the UAP searches the segments 
in the following order until it finds a file that matches the file name: 


RAM, 1,2,3,4 
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Using Console Commands 
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This section describes the console commands. 

Purpose 

Use the fo command to make an inactive segment the active segment. 
Syntax 


fb boot segment data segment 


where: 

boot segment is the name or number of the boot segment to be 
activated. 

data segment is the name or number of the data segment to be 
activated. 

Example 


To make segment 2 the active boot segment and segment 4 the active 
data segment, enter: 


fb 2 4 


You can use an asterisk instead of asegment name if you want to leave 
that segment unchanged. For example, to leave the active boot 
segment unchanged and make segment 4 the active data segment, you 
could enter: 


fb * 4 


After loading software into the UAP a common task is to activate the 
new software. To activate the new software, enter: 


Fb ib: id: 


This command activates the inactive boot and data segments. You do 
not need to know which of the boot and data segment numbers the 
flash is loaded into. 


fd 


fdel 
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Purpose 


Use the fd command to display the flash file system directory, which 
includes information about the boot file. 


Syntax 
fd 


Use the fd command to ensure that the correct version of the file is in the 
active boot segment. 


Typing fd ab: shows only the files loaded in the active boot segment. 


Note 

If the active segment containsno files when you reboot the UAP, the 
unit enters the UAP monitor and you lose the ability to Telnet to it 
during this session. If this occurs, you must access the UAP through 
its serial port to correct the problem. 


Purpose 
Use the fdel command to delete a particular file name from a segment. 
Syntax 
fdel filename 
where filename is the name of the file to be deleted. 
Example 
To delete the file UAP.PRG from the inactive boot segment, enter: 
fdel ib:uap.prg 
Note 
When you use the fdel command, the file is marked as invalid and 


remains in the file system. To reclaim the file space, you must erase 
the entire segment. Use the fe command to erase a segment. 
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fe 


script 


Purpose 


Erases the files in a particular segment. To recover the files after they 
have been erased, you must reload them from another source. 


Syntax 

fe segment 

where segment is the name or number of the segment to be erased. 
Example 

To erase the contents of segment 1, enter: 


fe l 


You can enter ALL instead of asegment name or number if you want to 
erase segments 1 through 4. 


Fe ib: erases the contents of the inactive boot segment. 


Note 
You must execute the fe command before you execute a TFTP 
transfer. 


Purpose 


Executes a specified file as a list of console commands. You can create a 
script file to automate a software download. 


Syntax 
script filename 


where filename is the name of the script file to be executed. 
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Using Sdvars Commands 


sdvars set 
serveripaddress 


sdvars set 
scriptfilename 


Use sdvars commands in Console Command mode to manipulate 
certain software download variables. Sdvars commands support both 
GET and SET arguments. You can enter sdvars commands to GET a 
software download object, and then issue the sdvars command using 
the SET argument to assign the object a specified value. 

The sdvars commands are described in this section using the SET 


argument. To execute an sdvars command using the GET argument, 
omit the variable from the end of the command. 


Purpose 

Sets the internal variable called serveripaddress to a specified address. 
Format 

sdvars set serveripaddress ip address 

where ip address is the address of the server. 

Example 

To set the IP address of the server to 192.168.49.29, enter: 

sdvars set serveripaddress 192.168.49.29 


Purpose 


Sets the internal variable scriptfilename to a specified string. The 
specified string should be the filename of the script to be retrieved from 
the TFTP server. 

Syntax 

sdvars set scriptfilename foreign filename 


where foreign filename is a script filename on the TFTP server. 
Example 
To set the scriptfilename to SCRIPT.DAT, enter: 


sdvars set scriptfilename script.dat 
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sdvars set 
starttime 


sdvars set 
checkpoint 


Purpose 


Sets the internal variable starttime. Starttime is a countdown time such 
that when zero is reached, the software download process begins. You 
set this variable to reflect how long into the future the UAP is to begin 
downloading and executing the script file from the TFTP server. When 
the timer reaches 0, the UAP uses the values in serveripaddress and 
scriptfilename to get the script file that is to be executed. If either 
serveripaddress or scriptfilename contains no value, an error is noted in 
the status variable and the software download process is terminated. 


Syntax 

sdvars set starttime dd:hh:mm:ss 

where dd:hh:mmiss is how far in the future the download is to begin. 
Example 

To begin the script file download in 5 minutes, enter: 


sdvars set starttime 00:00:05:00 


Note 

If you need to stop the download, you can do so by setting starttime 
to 0 if it has not already been reached by the countdown. Resetting 
starttime to 0 stops the timer and the download process. 


Purpose 


Sets the internal variable called checkpoint to a specified value. The 
checkpoint variable is useful for monitoring the progress of a script file 
as it is executed. You can set the checkpoint variable to a different value 
after each script command and then query the checkpoint value using 
SNMP to determine the progress of the download. 


Syntax 
sdvars set checkpoint value 


where value is a whole number. 


sdvars set 
terminate 


sdvars set 
setactivepointer 
Ss 
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Example 
Consider the following script file commands: 


sdvars set checkpoint 1 
fe ab 

sdvars set checkpoint 2 
TFTP get * uap.prg ab 
sdvars set checkpoint 3 
reboot 


When the software download is started, you can use SNMP to query its 
progress by reading the checkpoint variable. If the variable has a value of 
2, you know that the UAP is trying to execute the TFTP get statement. If 
the value is 3, you know the script has completed and the reboot was 
executed. The value of the checkpoint variable may also be helpful in 
determining where an error occurred if the script fails. 


Purpose 


Sets the internal variable terminate to a specified value. Use terminate to 
stop a countdown process in the UAP. If either starttime or 
nextpoweruptime is counting down, setting this variable stops the timer 
and halts the countdown process. 


Syntax 
sdvars set terminate 


Note 

You should use caution when using this commana. If the script file 
is being downloaded or executed, setting this variable interrupts 
the processing and can leave the UAP in an undetermined state that 
may require user intervention. 


Purpose 


Sets the setactivepointers command to change inactive segments to 
active segments the next time the UAP is rebooted. This command is 
usually used with the nextpoweruptime command. 

Syntax 


sdvars set setactivepointers none/boot/data/both 
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sdvars set 
nextpoweruptime 
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where: 


none does not change the active segments. The default is none. 
Also, when the reboot is completed, the UAP resets this 
value to none. 


boot changes the inactive boot segment to the active boot 
segment. 

data changes the inactive data segment to the active data 
segment. 

both changes both the boot and data inactive segments to the 
active segments. 

Example 


To change the inactive boot and data segments to active at the next 
reboot, enter: 


sdvars set setactivepointers both 


Purpose 


Sets the nextpoweruptime command to set the internal variable 
nextpoweruptime to a countdown time so that when 0 is reached, the 
UAP will reboot. When the nextpoweruptime counter reaches 0, the UAP 
checks the value of the setactivepointers variable, takes the appropriate 
action, and then reboots. 


Syntax 

sdvars set nextpoweruptime dd:hh:mm:ss 

where dd:hh:mmi:ss is how far in the future the reboot is to begin. 
Example 

To reboot the UAP 2 hours from now, enter: 


sdvars set nextpoweruptime 00:02:00:00 


Note 

If you need to terminate the reboot, you can do so by setting 
nextpoweruptime to 0 if it has not already been reached by the 
countdown. By resetting nextpoweruptime to 0, the timer is 
stopped so the unit does not reboot. 
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Using TFTP Commands 


tftp get 


TFTP commands are file transfer commands that you execute when you 
are in Console Command mode. A UAP can act as either a client or server 
in the TFTP environment. As a server, the UAP can service read and write 
requests from a UAP client. As a client, the UAP can read files from and 
write files to any TFTP server on the network. Both the client and server 
must operate in octet, or 8-bit, mode. 


When executing a script file, the UAP retries TFTP client commands get 
and put until the command is successfully completed. If the first attempt 
fails, the UAP retries after a one-minute delay. With each successive 
failure, the retry time doubles until it reaches eight minutes. Once this 
limit is reached, it remains at eight minutes until the command is 
completed. 


In general, TFTP client sessions should fail only if the server is not 
responding either because it is busy serving other clients or because it 
has not been started. In either case, the UAP backoff algorithm should 
prevent excessive network traffic when many UAPS are trying to contact 
a TFTP server. 


Purpose 


Supports standard get and put commands. You can use the TFTP get 
command to start a client session that gets a file from the TFTP server. 


Syntax 


tftp get IP address foreign filename local filename 


where: 

IP address is the IP address of the server. You can use an 
asterisk (*) here if you want to use the value in 
serveripaddress. 

foreign filename isthe name of the file on the server. The filename 


can contain directory path information and must 
bein the format required by the server operating 
system. The file must already have the 
appropriate file header before the transfer to the 
UAP. 
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local filename isthe name you wish to call the file on the UAP. 
The name must include a segment number or 
name followed by acolon. An actual filename is 
optional. If only the segment name is supplied, 
the filename is set equal to the filename that is 
embedded in the file header on the server. 


Example 


The following command gets file UAP.DNL from a directory on a PC 
server with IP address 1.2.3.4 and stores it in the inactive boot segment 


on the UAP. 


tftp get 1.2.3.4 c:\startup\uap.dnl ib: 


Note 


You must use the fe command to erase the segment before you 
execute a TFTP get command. If you do not erase the segment, you 
may get a "can’t write file" error. 


The following error messages may be generated by the UAP when the 
UAP issues a TFTP get command. Other error messages may be returned 
from the server and displayed by the UAP. See your server 
documentation for additional information. 


Error Message 


Can't write file 


Invalid opcode during read 


Explanation 
The file may be too big. 


The file may not have a UAP file header 
(filendr.exe). 


The file name may be incorrectly 
formed. 


The file may already exist in the 
segment and cannot be overwritten. 
You must erase the file first. 


This error should not occur under 
normal operating conditions. This error 
indicates a TFTP protocol error that will 
not occur when you use TFTP Servers 
that conform to the protocol. 


tftp put 
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Purpose 
Copies a file from a client to the server or to another UAP. 
Syntax 


tftp put IP address foreign filename local filename 


where: 

IP address isthe IP address of the server. You can use an 
asterisk (*) here if you want to use the value in 
the serveripaddress. 

foreign filename is the name of the file as it will appear on the 
server. The file name can contain directory path 
information and must be in the format required 
by the server operating system. 

local filename isthe name of the file to be sent from the UAP. 

Example 


The following command takes file UAP.PRG that is saved in the active 
boot drive on the UAP client and stores it in the inactive boot segment 
on the UAP server that has IP address 1.2.3.4. 


tftp put 1.2.3.4 ib:uap.prg ab:uap.prg 


The following error messages may be generated by the UAP when the 
UAP issues a TFTP put command. Other error messages may be returned 
from the server and displayed by the UAP. See your server 
documentation. 


Error Message Explanation 

Can't read file The requested file may not exist. 

Invalid opcode during put —_—s* This error should not occur under normal 
Operating conditions. This error indicates 
a TFTP protocol error that will not occur 


when you use TFTP servers that conform 
to the protocol. 
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tftp server log 


tftp server start 


tftp server stop 
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Purpose 


Your UAP can function as a TFTP server. You can use the TFTP server log 
command to save a history of TFTP client requests. 


Syntax 
tftp server log 


The TFTP server log contains useful TFTP server status information. The 
log begins when you set up the server. You must reboot the UAP to clear 
the log. 


Purpose 


A UAP can obtain files from a TFTP server. You can enable one UAP to act 
as a TFTP server and download files to additional UAPs. Use the TFTP 
server start command to enable your UAP to act as a server. 


Syntax 
tftp server start 


After you issue this command, the UAP responds to TFTP client requests 
that are directed to its IP address. When acting as a server, the UAP 
supports up to four concurrent TFTP sessions. 


Purpose 


When you are done transferring files, you can stop the UAP from being a 
TFTP server by using the TFTP server stop command. 


Syntax 
tftp server stop 


After you issue this command, the UAP no longer responds to TFTP 
client requests; however, current TFTP sessions with the server are 
allowed to complete. 
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The following table lists error messages that can be issued from the TFTP 
server. These messages are sent to the client and are meant to be read 


from the client perspective. 


Error Message 


Explanation 


TFTP server only supports 
octet mode 


The client is attempting to transfer a file in 
ASCII mode. The UAP TFTP server only 
supports octet mode, which includes 
binary and image. 


Unable to open remote file 


The TFTP server cannot open the file that 
isnamed in the read or write request. 


If you are trying to read a file, the file may 
not exist. 


If you are trying to write a file, the file may 
be too big, the file may not havea UAPfile 
header, or the file name may be 
incorrectly formed. 


Can't read remote file 


The server returns this message if the UAP 
file system returns an error while the 
server is attempting to read the file. This 
message is unlikely to occur. 


Can't write remote file 


The server returns this message if the UAP 
file system returns an error while the 
server is attempting to write the file. This 
message is unlikely to occur. 


TFTP opcode not read or 
write request 


This error should not occur under normal 
operating conditions. This error indicates 
that the TFTP client does not conform to 

the protocol. 


Invalid opcode during read 


This error should not occur under normal 
operating conditions. This error indicates 
that the TFTP client does not conform to 

the protocol. 


Invalid opcode during write 


This error should not occur under normal 
operating conditions. This error indicates 
that the TFTP client does not conform to 

the protocol. 


Appendix A 
Specifications 


This appendix provides specifications and system defaults for reference 
purposes only. Actual product performance and compliance with local 
telecommunications regulations may vary from country to country. 
Allied Telesyn only ships products that are type approved in the 
destination country. 


Physical Specifications 


Operating Temperature | -20°C to +65°C (-4°F to +149°F) 
Storage Temperature | -40°C to +70°C (-40°F to +158°F) 
Humidity (non- 10 to 90% 
condensing 
Electrical -100 to 240V 
1.0 to 0.5A 
50 to 60 Hz 
Weight 232 g (0.51 Ib) 
Height 9.32 cm (3.67 in) 
Length 14.66 cm (5.77 in) 
Width 3.53 cm (1.39 in) 


Other Specifications 
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Architecture 


Transparent bridge 


Ethernet interfaces 


10BaseT (twisted-pair) 


Data rate 


10 Mbps (Ethernet) 


Media Access protocol 


CSMA/CD 


Ethernet compatibility 


Ethernet packet types and Ethernet 
addressing 


Filtering rate 


14,880 frames per second 


Filters (protocol) 


AppleTalk, NetBEUI, IPX, IP, DECNET, Other 


Filters (others) 


IP ARP, Novell RIP, SAP, LSP 


Serial port max data 
rate 


115,200 bps 


Management interfaces 


SNMP, Web browser-based manager, text- 
based menu system, serial port, Telnet, 
Ethernet 


Software upgrades 


Downloadable over the network or serial port 


SNMP agent 


Version 1 RFC 1213 


Radio Specifications-IEEE 802.11b HR 
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Data rate 11 Mbps (High), 5.5 Mbps (Medium), 
2 Mbps (Standard), 1 Mbps (Low) 
with automatic fallback for increased range 
Channels 11 (North America), 13 (Europe), 4 (France), 1 
(Japan) 
Range (11 Mbps) 160 m (525 ft) open environment 
50 m (165 ft) semi-open environment 
24 m (80 ft) closed environment 
Frequency band 2.4 to 2.5 GHz world-wide 
Radio type Direct sequence, spread spectrum 


Radio power output 


32 mW (15dBm) 
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Default Settings 


The factory default settings for the UAP are listed in this section. You can 
record the settings for your installation in each table for reference. 


TCP/IP Settings 
Menu Defaults 
Parameter ; : 
jlaric Range Default Site Setting 
IP Address 4 nodes, 0 to 255/ 0.0.0.0 
IP Subnet Mask | 4 nodes, 0 to 255] 255.255.255.0 
IP Router 4 nodes, 0 to 255| 0.0.0.0 
(Gateway) 
IP Frame Type | DIX/SNAP DIX 
Auto ARP 0 to 120 5 
Minutes 
ARP Server Disabled, No Disabled 
Mode Flooding, or 
Normal 
Flooding 
DHCP Mode Always, Always Use 
Disabled, DHCP 
Enabled (if 0), or 
DHCP Server 
DHCP Server Oto 31 (blank) 
Name characters 
Spanning Tree 
Settings Menu 
Defaults | Parameter : ; 
Name Range Default Site Setting 
AP Name Oto 16 (UAP serial 
characters number) 
LAN ID (Domain) | 0 to 254 0 
Root Priority Oto7 il 
IAPP Frame Type} DIX/SNAP DIX 
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Global Flooding 
Menu Defaults 


Global RF 
Parameters 
Menu Defaults 
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Parameter 


Name Range Default Site Setting 
Ethernet Enabled/ Enabled 
Bridging Disabled 
SecondaryLAN /0to7 0 
Bridge Priority 
Parameter : : 
Namie Range Default Site Setting 
Multicast Flood | Universal, Disabled 
Mode Hierarchical, or 
Disabled 
Multicast Enabled/ Enabled 
Outbound to Disabled 
Terminals 
Multicast Enabled/Set Set Locally 
Outbound to Locally 
Secondary LANs 
Unicast Flood Universal, Disabled 
Mode Hierarchical, or 
Disabled 

Parameter A t 
Name Range Default Site Setting 
RFC1042/DIX Enabled/Disabled | Enabled 
Conversion 
S-UHF Rfp 
Threshold 

Set Globally |Enabled/Disabled | Disabled 

Value 
S-UHF Frag Size 

Set Globally |Enabled/Disabled | Disabled 

Value 


Ethernet Port 
Configuration 
Menu Defaults 


Ethernet Filters 
Menu Defaults 
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Parameter 


Namie Range Default Site Setting 
900 MHz Frag 
Size 
Set Globally |Enabled/Disabled | Disabled 
Value 
S-UHF/900 MHz 
Awake Time 
Set Globally |Enabled/Disabled | Disabled 
Value 
RFC1042 Types 
to Pass Through 
1 through 20 
oo Range Default Site Setting 
Port Control Enabled/Disabled | Enabled 
Hello Period 1,2,or3seconds |2 
hela Range Default Site Setting 
Address Table 00:00:00:00:00:00 
Frame Type 
Filters 
Action Pass/Drop Pass 
Scope Unlisted/All Unlisted 
Predefined 
Subtype Filters 
Action Pass/Drop Pass 


Customizable 
Subtype Filters 
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Advanced 
Filters Menu 
Defaults 


Parameter 


Seine Range Default Site Setting 
Action Pass/Drop Pass 
Subtype DIX-IP-TCP-Port, | DIX-IP-TCP-Port 

DIX-IP-UDP-Port, 
DIX-IP-Protocol, 
DIX-IPX-Socket, 
DIX-EtherType, 
SNAP-IP-TCP- 
Port, 

SNAP -IP-UDP- 
Port, 

SNAP -IP- 
Protocol, 

SNAP -IPX- 
Socket, 

SNAP -EtherType, 
802.3-IPX-Socket, 
802.2 -IPX- 
Socket, or 
802.2-SAP 

Parameter Range Default Site Setting 

Name 

Filter Values 
Value ID 0 
Value (blank) 

Filter 

Expressions 
ExprSeq 
Offset 
Mask (blank) 
Op EQ,NE,GT,orLE |EQ 
Value ID 0 
Action And, Pass, or Drop |And 


IP Tunnels 
Menu Defaults 


Tunnel Filters 
Menu Defaults 
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Parameter 


Name Range Default Site Setting 
Port Control Enabled/Disabled | Enabled 
Mode Listen/Originate If | Originate If Root 
Root 

IGMP Enabled/Disabled | Disabled 
Hello Period 1,2,or3 Seconds |2 
IP Addresses 4 nodes, 0 to 255 | 0.0.0.0 
oo Range Default Site Setting 
IP Multicast Pass/Drop Drop 
Frame Type 
Filters 

Action Pass/Drop Pass 

Scope Unlisted/All Unlisted 
Predefined 
Subtype filters 

Action Pass/Drop Pass 
Customizable 
Subtype Filters 

Action Pass/Drop Pass 
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Network 
Management 
Menu Defaults 


Password Menu 
Defaults 
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Parameter 


Name Range Default Site Setting 
Subtype DIX-IP-TCP-Port, |DIX-IP-TCP-Port 
DIX-IP-UDP-Port, 
DIX-IP-Protocol, 
DIX-IPX-Socket, 
DIX-EtherType, 
SNAP-IP-TCP-Port, 
SNAP -IP-UDP- 
Port, 
SNAP -IP-Protocol, 
SNAP -IPX-Socket, 
SNAP -EtherType, 
802.3-IPX-Socket, 
802.2 -IPX-Socket, 
or 
802.2-SAP 
Value 00.00 
Parameter Range Default Site Settin 
Name g : 
Community 
Strings 
SNMP Read 
Community 
SNMP Write 
Community 
SNMP Secret 
Community 
Parameter Range Default Site Settin 
Name g 9 
User Name ATILAN 
Password ATILAN 
Read Only 


Password 


TEFE 802.11b 


HR Radio Menu 


Defaults 
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Parameter : ; 
Namie Range Default Site Setting 
Service Enabled/Disabled | Enabled 
Password 
Telnet Access Enabled/Disabled | Enabled 
Browser Access |Enabled/Disabled | Enabled 
SNMP Access Enabled/Disabled | Enabled 
RADIUS Client 
Configuration | Enabled/Disabled | Disabled 
Access 
Server 1 
IP Address 4nodes,0 to 255 /|0.0.0.0 
Secret Key (blank) 
Server 2 
IP Address 4nodes,0 to 255 /|0.0.0.0 
Secret Key (blank) 
RADIUS Server 
Server Enabled/Disabled | Disabled 
Parameter Name | Range Default Site Setting 
Port Control Enabled/Disabled | Enabled 
SSID (Network 0 to 32 characters | ATILAN 
Name) 
Frequency Channellto14, | Channel 3, 
2400 to 2500 MHz | 2422 MHz 
Data/Voice Data Only,Data |Dataand Voice 
Settings and Voice, or Traffic 
Voice Only 

WEP Encryption |Enabled/Disabled | Disabled 
Wireless Bridging 

Node Type Station/Master Station 

WirelessHops /|Enabled/Disabled | Disabled 
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Parameter Name | Range Default Site Setting 
Hello Period 1,2,0r3 Seconds |2 
WEP Configuration 
WEP Receive Unencryption Encryption 
Data Allowed/ Required 
Encryption 
Required 
WEP Transmit I 
Key 
WEP Key 1 (blank) 
WEP Key 2 (blank) 
WEP Key 3 (blank) 
WEP Key 4 (blank) 
Advanced 
Configuration 
Data Rate 1175:5;.2, 061 2 MBits 
MBits (Standard) 
Data Rate Enabled/Disabled | Enabled 
Fallback 
Basic Rate 11,5.5,2,or1 2 MBits 
MBits (Standard) 
Medium Enabled/Disabled | Disabled 
Reservation 
Distance Large, Medium, or |Large 
Between APs_— | Small 
Microwave Enabled/Disabled | Disabled 
Oven 
Robustness 
Network Name |802.11 802.11 
Security compliant/Netwo |compliant 


rk Name ’ANY’ not 
allowed 


DTIM Period 


Appendix B 


Understanding IP 


This appendix provides additional information about IP. 


An Overview of IP 


The presence of an IP router generally defines the physical boundary of a 
wireless network. Multiple independent wireless networks may exist, 
each with its own LAN ID, root, and set of end devices. In this 
environment, an end device can only operate within the limited 
coverage area of its own network and cannot roam across IP subnet 
boundaries. Allied Telesyn’s Internet Protocol (IP) allows end devices to 
roam across subnet boundaries. 
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The IP extension to the open wireless LAN architecture enables a 
wireless LAN installation to span multiple IP subnets. IP uses a standard 
IP protocol called Generic Routing Encapsulation (GRE) to encapsulate a 
frame within an IP/GRE packet that uses normal IP routing to pass 
through IP routers. Using IP, end devices can roam across IP network 
subnets without losing network connectivity. IP can also be used to 
route protocols that are normally not routable. 


Primary LAN 

home subnet 

IP router 

i nN 

: IP network H 

- —— 7: 
ey UAPS 


Designated 
IP router Bredgg) 


Secondary LAN 
remote subnet 


8;/Wireless |B 
— stations 


You should have a basic understanding of IP addressing conventions 
and routing before you attempt to configure and use the advanced 
capability of IP. IP does the following: 


UO Enables access points on different IP subnets to belong to the 
same wireless network 


UO Supports transparent roaming of end devices between access 
points that are on different IP subnets without losing network 
connections 


QO) Supports end devices using both IP and other routable or 
nonroutable protocols 


To activate IP, configure the root UAP to originate IP tunnels. The IP 
tunnel originates at the root UAP on the home IP subnet and terminates 
at a UAP on aremote IP subnet. Frames forwarded through the tunnel 
are encapsulated using the standard GRE protocol running over IP. 
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The IP port differs from the physical ports within the UAP. The IP portis a 
logical port that provides IP encapsulation services for frames that must 
be routed to reach their destination. After encapsulation, frames are 
transmitted or received through the physical Ethernet ports. 
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Operation 


Tunnel 
Origination 


Building the 
Spanning Tree 


158 


IP uses IP encapsulation to establish a virtual LAN segment through IP 
routers. The virtual LAN segment includes the home IP subnet and 
logically extends to include end devices attached to UAPs on remote IP 
subnets. An IP tunnel becomes a branch in the spanning tree. UAPs on 
remote subnets can be directly connected to an IP tunnel or indirectly 
connected through another UAP on a remote subnet. 


An IP remote subnet functions much like a wireless secondary LAN with 
some notable exceptions: 


QO Any UAP can providea wireless link to another UAP. Only the root 
UAP can originate an IP tunnel. 


OY Awireless link can provide a transparent bridge for both wired 
and wireless devices on a wireless secondary LAN. An IP tunnel 
only provides a transparent bridge for end devices (unless 
explicitly configured to provide connectivity for an NNL gateway 
on aremote IP subnet). 


The number of IP tunnels the root can originate is practically unlimited. 
However, the IP address list can presently contain eight entries. The size 
of the address list effectively limits the number of tunnels that can be 
created if unicast and directed broadcast IP addresses are used; 
however, you can use a single IP multicast address to originate a 
practically unlimited number of tunnels. 


By default, any UAP can attach to a network through an IP tunnel if it 
receives IP hello messages. An IP tunnel is established when aUAP ona 
remote subnet attaches to the root UAP on its IP port. 


Note that a non-root UAP can concurrently receive hello messages on its 
Ethernet port, its radio port(s), and its logical IP port. However, a UAP 
uses only one port to attach to the network. UAP port costs are 
structured so that an Ethernet connection is always selected before an IP 
or radio connection. An IP connection is always selected before a radio 
connection. The attachment port is its "root port." 


UAPs use an election process to determine the root for a network. After 
the root UAP is elected, it transmits hello messages on all enabled ports. 
The spanning tree forms as other UAPs receive hello messages and 
attach to the network on the optimal path to the root. A non-root UAP 
also transmits hello messages after it is attached to the network. 


Each hello message contains the IP subnet ID of the UAP that originated 
the message. The protocol does not allow wireless links to exist between 
UAPs that do not have matching subnet IDs. 


Establishing 
and 
Maintaining 
Tunnels 


Redundancy 
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If mode is set to originate in the root UAP, the root sends hello messages 
to each IP address contained in its IP address list. A UAP on aremote IP 
subnet can automatically establish an IP tunnel if it receives an IP hello 
message from the root UAP. A UAP that attaches through an IP tunnel 
transmits hello messages on the remote subnet so that other UAPs on 
the remote subnet that do not receive IP hello messages can attach to 
the network. 


If you need to bridge to an IP remote subnet, you must set the 
Secondary LAN Bridge Priority parameter to a value greater than 0 in one 
or more UAPs on the remote subnet. These designated bridge 
candidates use the bridge priority value in an election procedure (similar 
to that used to determine the root) to determine a single designated 
bridge for the secondary LAN. 


The root and designated bridge election procedures are repeated if the 
current root or designated bridge stops sending hellos. If a UAP is 
unavailable due to a cable or other failure, the remaining UAPs use the 
election procedure to determine a new root or designated bridge. 


Normally one primary and one or two fallback root candidates are 
sufficient for root redundancy. One primary designated bridge and one 
fallback are recommended for most remote subnet installations. The 
number of remote subnets and the redundancy needs on each subnet 
influence the selection of address types in the IP Addresses menu. For 
example, you can use an IP multicast address or multiple unicast 
addresses to provide redundancy. Multiple UAPs on a remote subnet 
can receive IP hello messages; a single unicast IP address does not 
provide redundancy. 
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Usage Guidelines 


Addressing for 


IP Stations 


Using With 
Station 


Protocols Other 
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than IP 


Bridging 
Restrictions 


This section will help you understand operational requirements for IP. 


End devices that are using IP must be assigned IP addresses that are on 
the home IP subnet. The home IP subnet is the subnet connected to the 
root UAP. There are no address restrictions for non-IP end devices. 


Servers that use a routable network protocol such as IP or IPX may be 
located on any subnet; however, triangular routing can be minimized if 
servers are located on the home subnet for end devices. (Note that this is 
also true for standard mobile IP.) IP does not require changes to default 
flooding and bridging settings if it is only used for routable protocols, 
even if servers are located on remote subnets. 


The NNL protocol is asimple Non-routable Network Layer protocol that 
is used to carry high-layer data in a local area network environment. An 
NNL gateway forwards NNL traffic to non-NNL hosts such as TCP/IP. You 
can use the default flooding and bridging settings, and minimize 
triangular routing, if NNL gateways are located on the home subnet. You 
must enable outbound multicast flooding and secondary bridging for 
remote IP subnets that contain NNL gateways. 


By default, wireless traffic is not bridged to a remote IP subnet. With 
bridging disabled, all traffic for end devices is forwarded between access 
points using data link encapsulation, which means that the MAC 
source/destination addresses correspond to the access points 
Originating/receiving the traffic for the end devices. By using data link 
encapsulation, you prevent network monitoring tools and other 
network components from detecting end device MAC/IP addresses that 
belong to the remote subnet. In some network installations, detecting 
these addresses may generate alarms or cause switches to behave 
erroneously. There is no additional forwarding overhead for disabling 
bridging in this situation. 


Allied Telesyn strongly recommends using the default setting when you 
are using IP to provide mobility of other routable protocols, such as IPX. 


If you enable bridging to a remote IP subnet, a UAP terminating the 
tunnel at the remote subnet will simply bridge traffic for end devices 
onto the local Ethernet network and UAPs serving the end devices will 
detect and forward traffic to associated end devices. End device MAC/IP 
addresses are fully visible on the remote subnet. 
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Bridging can be enabled on remote IP subnets if IP is used to provide 
mobility for IP and other non-routable protocols, because IP has built-in 
safeguards and filters for protecting the operation of IP routers and 
other network components. 
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IP Safeguards 
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Wireless Hop 
Restriction 


Tunnels 
Manually 
Enabled 


IP Virtual 
Subnet 


The purpose of a router is to segment traffic on a local network and 
selectively forward frames destined to network addresses on other 
networks. Routers avoid problems such as broadcast storms that are 
often associated with bridges. IP is designed to safely and transparently 
coexist with routed IP installations while supporting mobility for end 
devices. This section details the safeguards built into IP. 


To use IP, you must configure UAPs that are on different IP subnets so 
that they have the same LAN ID. Hello messages contain the IP subnet ID 
of the UAP that originated the message. The protocol does not allow 
wireless links to exist between UAPs that do not have matching subnet 
IDs. 


By default, IP tunnel origination is disabled on the UAP. You must 
manually enable IP tunnel origination in the root UAP before any IP 
tunnels can be established. 


IP provides a virtual subnet for end devices because IP tunnels logically 
extend the home subnet. The UAP’s default bridge priority of zero 
disables the bridging of wireless traffic to remote IP subnets. The default 
setting allows terminals that are connected to UAPs on a remote IP 
subnet to communicate with hosts on the primary LAN or home subnet 
without bridging wireless traffic to the remote IP subnet. Frames that 
originate on aremote IP subnet are not forwarded inbound through an 
IP tunnel. 
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Configuring the IP Tunnel Port 


The IP port is alogical port and does not exist in a physical sense. For 
ease of configuration, IP is referred to as a port. The IP port provides IP 
encapsulation services for frames that must be routed to reach their 
destinations. After encapsulation, frames are transmitted or received 
through one of the physical ports. 


IP isa protocol that is used to enhance the MAC layer for roaming 
functionality between UAPs on different IP subnets. Think of the IP port 
as an IP tunnel that allows branches to be added to the spanning tree. 
The spanning tree facilitates the roaming functionality. For more 
information about IP, see Appendix B, "Understanding IP." 


To configure the IP port, do the following: 


1. Establish a Web browser session if you have not already done so. For 
more information, see Establishing a Web Browser Session on page 
32. 


2. Click IP Tunnels. The IP Tunnels screen appears. 


3 Access Point Configuration - Microsoft Internet Explorer 


| File Edit View Favorites Tools Help 
| Back ~ => ~ @ [2) | Asearch (yFavorites Bristory | Eh SH 
[Address [4] http://149.35.50.2/pubjwelcome. htm x] @ 0 | |Links * 


~ Allied Telesyn Access Point Configuration 


Simply connecting the @® world 


pare ) | Upg 
IP Tunnels/ 


Submit Changes 


AP Configuration 
E\TCP/P Settings 


ESIEEE 802.11B Radio Port Control Enabled »¥ 
EaSpanning Tree Setting: Mode Originate If Root ¥ 
GaEthernet IGMP [Disabled >] 
‘ai P Tunnels Hello Period [2 Seconds ¥] 
[E)IP Addresses 
EaTunnel Filters —____ 
GaNetwork Managemen 
GaPasswords 


GiMaintenance 


| 


\é] (2 items remaining} Downloading picture http://149.35.50,2/pub/bkgrnd. gif... 


Figure 52 IP Tunnels Screen 


3. Configure the parameters forthe IP port. When you are finished, click 
Submit Changes to save your changes. 


The following table explains each parameter. 


Parameter 


Explanation 


Port Control 


Enables or disables the port. 


Mode 


Controls whether the UAP listens for the IP tunnel or 
Originates IP tunnel connections with other UAPs. 


Listen Sets the UAP to serve as the termination of a 
tunnel if the UAP is the designated bridge for the 
subnet. The UAP cannot originate a tunnel. 


Originate If Root Sets the UAP so it can originate IP 
tunnels if it is functioning as the root for the network. 


IGMP 


Establishes multiple IP tunnels using a single 
multicast IP address. 


Enable Sets the UAP so the root UAP uses a Class D 
IP multicast address to send IP hello packets through 
routers to UAPs on other IP subnets. Enabling IGMP 
on remote IP subnets causes intermediate IP routers 
to forward the IP hello packets to those subnets. 


Disable Setsthe UAP so the root UAP does not usea 
Class D IP multicast address to send IP hello packets 
through routers to UAPs on other IP subnets. 


For more information, see Configuring IGMP on 
page 98. 


Hello Period 


Controls how frequently the UAP broadcasts hello 
packets to the tunneled network. Hello packets are 
used to maintain the spanning tree and serve as 
beacon messages to synchronize communications 
with power-managed stations. 
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Permanent and User-Defined Filters 


ARP Server 


Forwarding 
Restrictions 


Permanent 
Filters 


UAP provides extensive filtering capabilities so that only traffic destined 
to end devices is allowed. 


For wireless IP devices, ARP requests that originate on the home subnet 
must be forwarded outbound to remote IP subnets. An ARP server 
capability can be enabled to restrict the propagation of ARP packets 
through tunnels to only those packets that are destined for end devices. 


Unicast frames are only forwarded outbound through an IP tunnel if the 
destination address identifies an end device that has roamed to a 
remote subnet. By default, wireless traffic is not bridged to remote IP 
subnets; traffic from a remote IP subnet is never forwarded inbound 
through an IP tunnel. 


Certain frame types are never forwarded through tunnels; other frames 
are always forwarded. Frame types that are never forwarded include IP 
protocols used for coordinating routers and MAC frames used for 
coordinating bridges. 


Frame Types That Are Never Forwarded 


O 802.1D bridge frames 
QO Proprietary VLAN switch frames 


O) IP frames with a broadcast or multicast Ethernet address 


O) IP frames with the following router protocol types and decimal 
values: 


DGP (86) (Dissimilar Gateway Protocol) 

EGP (8) (Exterior Gateway Protocol) 

IDPR (35) (Inter-Domain Policy Routing Protocol) 
IDRP (45) (Inter-Domain Routing Protocol) 

IGP (9) (Interior Gateway Protocol) 

IGRP (88) 

MHRP (48) (Mobile Host Routing Protocol) 


COovovwoo vv Oo 


OSPFIGP (89) (Open Shortest Path First Interior Gateway 
Protocol) 
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User-Defined 
Filters 


IP/ ARP Subnet 
Filtering 


QO IP ICMP (Internet Control Message Protocol) types: 
O |IPv6 
UO) Mobile IP 


O Router Advertisement 


O Router Selection 


QO) IP/UDP (User Datagram Protocol) frames with the following 
destination protocol port numbers: 


O) BGP (179) (Border Gateway Protocol) 
L) RAP (38) (Route Access Protocol) 


QO RIP (520) (Routing Information Protocol) 


QO) *IP/TCP frames with the following destination or source protocol 
port numbers: 


LY * BGP (179) (Border Gateway Protocol) 
LY * RAP (38) (Route Access Protocol) 


You can define output filters that restrict protocol types that can pass 
through an IP tunnel. Frames can be filtered by the DIX, 802.2, or 802.3 
SNAP type, the IP protocol type, or the TCP or UDP protocol port 
number. 


By default, the filters drop all protocol types except the NNL DIX Ethernet 
type (hexadecimal 875B). You can configure the IP filters to pass 
additional frame types by choosing the Filters option from the Bridge 
Configuration menu. Filters must be configured in all root candidates 
and in any UAP that can attach to the remote end of an IP tunnel. 


IP automatically provides subnet filtering for IP end devices. IP and ARP 
frames are never forwarded inbound through an IP tunnel to the home 
subnet unless the source IP address belongs to the home subnet. 
(Frames are only forwarded inbound if the source IP address in the IP or 
ARP packet identifies an end device that has roamed away from its home 
subnet.) 


IP and ARP frames are never forwarded outbound through an IP tunnel 
by the root UAP unless the destination IP address belongs to the home 
subnet. (Frames are only forwarded outbound to end devices that have 
roamed away from the home subnet.) 
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Frame Forwarding 


Outbound 


Inbound 


MAC frames originating on the home IP subnet are encapsulated in the 
root UAP, forwarded through the IP network, deencapsulated by the 
UAP at the remote end of the IP tunnel, and forwarded to the 
appropriate UAP (if necessary) for delivery to the intended end device. 
For inbound frames, the same process is used in reverse between the 
UAP at the remote end of an IP tunnel and the root UAP. 


The encapsulation uses the standard IP GRE protocol. Any data packet 
sent through the tunnel is addressed to the unicast IP address of the UAP 
at the other end of the tunnel. A UAP at the remote end of the tunnel 
learns the unicast IP address of the root UAP by listening to IP hello 
packets. The root UAP learns the unicast IP address of a remote UAP 
when the UAP attaches to the network. 


Data frames are forwarded outbound through an IP tunnel if 


O) anend device is known to be attached to a UAP on a particular 
remote subnet. 


QO the frame type is enabled in the IP Filter menu. 


Unicast frames are not flooded. End devices attach to the root UAP, 
which maintains entries for these devices in its forwarding database. The 
database entries indicate the correct subnet for outbound forwarding. 


For TCP/IP applications, IP and ARP frames must be forwarded through 
IP tunnels. An IP or ARP frame is only forwarded outbound if the 
destination address identifies an end device on the home subnet. 
Enabling the ARP server in the root UAP can reduce the number of ARPs 
forwarded outbound. 


Only frame types that are specified in the IP Filter menu are forwarded, 
and the frames are only forwarded inbound if the source IP address 
belongs to the home subnet. 


Frames transmitted by servers or devices that are wired to an IP 
secondary LAN are not forwarded through IP tunnels if the IP address 
does not belong to the home subnet of the IP tunnel. Only frames from 
radio stations with IP addresses belonging to the home subnet are 
forwarded inbound. 
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End Device 
Mobility 


As end devices move through a facility, they roam between UAP 
coverage areas. In large installations, these UAPs may be on different IP 
subnets. IP is designed to support rapid roaming in these environments. 
A roam requires updates to the forwarding databases in the new UAP, 
root UAP, previous UAP, and any intermediate UAPs. 


An end device initiates a roam when it attaches to anew UAP. The UAP 
sends an attach message to the root UAP, which in turn forwards a 
detach message to the previous UAP, allowing each UAP to update its 
forwarding database. Intermediate UAPs monitor these exchanges and 
update their forwarding databases. 
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Mobile IP Comparison 


The Internet Engineering Task Force developed RFC 2002, IP Mobility 
Support, commonly referred to as Mobile IP, to provide mobility for IP 
hosts. Mobile IP is designed primarily to address the needs of IP end 

devices that may move between geographically separated locations. 


IP is designed primarily to operate in local environments, where hand- 
held or vehicle-mounted end devices may move rapidly between UAP 
coverage areas on a subnetted LAN (although it is possible to attach a 
geographically remote subnet through an IP tunnel). The two 
technologies are complimentary and may coexist. Both protocols use 
similar encapsulation to forward packets to or from end devices that 
have roamed away from a home IP subnet. The root UAP functions much 
like a Mobile IP home agent; a UAP attached to the remote end of an IP 
tunnel functions much like a Mobile IP foreign agent. 


The following table summarizes the differences between IP and Mobile 


IP. 

Issue Mobile IP IP 
Software Requires a mobile IP | No changes are required to existing IP software 
compatibility client software stack | stacks in end devices. 

in IP end devices. 
Addressing None. Requires that IP device addresses belong to the IP 
limitations for IP home subnet. 
end devices 
Security Mobile IP Guest addresses are not used. Data link security. 


authentication is 
required for "guest" 
access to foreign 
subnets. 


Roaming detection 


Foreign agent 


Data link indications facilitate fast roaming with no 


advertisements. added broadcast traffic. 
Roaming None. Currently, roaming is limited to a single network that 
restrictions may include multiple IP subnets. 
Roaming support —_| None. Configurable using IP filters. 


for non-IP protocols 
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Issue 


Mobile IP 


IP 


Scalability 


Has no inherent 
limitations. 


No practical limitations using IGMP. 


Special network 
software 


Requires home and 
foreign agents 
located on each 
network or 
subnetwork. 


Standard network feature. No additional network 
software is required. 
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Configuring an IP Tunnel 


is 


Choose the home subnet. Ideally, you should choose the subnet that 
contains gateways or servers for end devices; however, these servers 
may be on other subnets if necessary. Note that you can create a 
home subnet for end devices. Fixed or variable length subnet masks 
can be used; subnet addressing is not required. IP addresses for end 
devices must belong to the home subnet. 


Select primary and fallback root UAPs on the home subnet. The root 
UAP should be a UAP that does not otherwise handle a large volume 
of traffic. 


Configure all UAPs on the root IP subnet and remote IP subnets with 
the same LAN ID. If IP isnot used to attach a remote IP subnet, then 
UAPs on that subnet should be configured with a different LAN ID. 


From the Quick Start menu, choose IP to configure root candidates to 
Originate if Root. Configure the IP Addresses table using the 
appropriate addressing for UAPs on each remote IP subnet. All root 
candidates should be configured identically. 


To configure IP filters, choose Bridge Configuration from the main 
menu, and then choose Filters. Configure filters in all root UAP 
candidates and in other UAPs that can attach through an IP tunnel. IP 
output port filters are consistent with Ethernet type and subtype 
filters. 


For networks using IP networking on end devices, Allied Telesyn 
recommends that you use the ARP server capability in the UAP. 


You may need to enable bridging on remote IP subnets. For example, 
bridging must be enabled if an NNL gateway is attached to the 
remote subnet. If bridging is required, configure one or more 
designated bridge candidates by setting the Secondary LAN Bridge 
Priority parameter to a value greater than zero. The designated 
bridge candidates must have permanent IP addresses and must be 
able to receive IP hello messages from the root UAP. A UAP will 
receive IP hello messages if the messages are sent to the unicast IP 
address of the UAP, or to an IP-directed broadcast or IP multicast 
address. Note that IGMP may be required for IP multicast. 
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The creation of tunnels between the root UAP and remote IP subnets is 
controlled by three operational parameters: 


O) The IP address list in the root UAP, configured through the IP port 
LO) Secondary LAN bridge priority settings 


QO) Enabling/disabling IP ports 


A tunnel can never be established on a disabled IP port. The discussion 
below assumes that IP ports are enabled, unless noted otherwise. 


The IP address list can contain any combination of IP unicast, IP 
broadcast, or IP multicast addresses. Only one IP tunnel can be created 
for each IP unicast address in the list. A single IP multicast address can be 
used to create a practically unlimited number of tunnels to multiple 
remote IP subnets. A single IP directed broadcast address can be used to 
create a practically unlimited number of tunnels to a single remote IP 
subnet. (An IP directed broadcast address is typically used to specify all 
hosts on asingle remote subnet.) 


By default, bridging to aremote IP subnet is disabled. In this default case, 
any UAP on aremote subnet that can receive IP hello messages can 
establish an IP tunnel; therefore, multiple IP tunnels can exist between 
the root UAP and a single remote IP subnet. 


If IP hello messages are sent to unicast IP addresses, then some UAPs on 
a remote subnet will likely not receive hello messages; therefore, those 
UAPs will not be able to establish an IP tunnel. If bridging is disabled on 
the subnet, wireless traffic is forwarded to and from these UAPs through 
data link tunnels. A data link tunnel is logically concatenated with an IP 
tunnel so that wireless traffic can be completely isolated from the 
remote IP subnet. 


If bridging is enabled on an IP remote subnet, a single UAP functions as 
the designated bridge for the IP secondary LAN. In this case, only the 
designated bridge can establish an IP tunnel. Any other UAP on the 
remote subnet must attach to the network through the designated 
bridge. 


IGMP 
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IP multicast relies on an IP protocol called Internet Group Management 
Protocol (IGMP) for multicast packet distribution. An IP router will only 
forward an IP multicast packet to those IP subnets that have hosts that 
participate in the respective multicast group. An IP host uses IGMP to 
notify IP routers that it wants to participate in a multicast group. Allied 
Telesyn UAPs can be enabled to advertise participation in asingle 
multicast group by enabling IGMP and defining a Class D IP multicast 
address. The UAP IGMP feature is structured so that it is independent of 
IP; it can be used to facilitate IP multicast for IP or any other application. 


IP multicast provides an ideal way to distribute IP hello messages. If IP 
multicast is used, the user must select a single IP multicast address. The 
selected address must be configured in the IP address list in the root AP. 
(Note that the address list can contain other IP addresses.) Normally, 
IGMP is enabled and an IGMP address is configured in at least one AP on 
each remote IP subnet. (Some routers can provide proxy IGMP services 
for IP hosts.) IP multicast has the following advantages: 


O) The user does not have to know unicast or directed broadcast IP 
addresses in advance. 


QO IP multicast provides better built-in redundancy than IP unicast, 
because any UAP can potentially establish an IP tunnel. 


U IP hello messages are only forwarded to those IP subnets and IP 
hosts (such as UAPs) that participate in the multicast group. 
Directed broadcast packets are forwarded to all IP hosts on the 
target subnet. 
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Appendix C 


Glossary 


ARP (Address Resolution Protocol) 


The protocol used by TCP/IP networks to relate IP addresses with the 
physical network addresses of network interfaces. 


BFSK (Binary Frequency Shift Key) 


A broadcasting method that lengthens the range but halves the 
throughput as compared to the QFSK method. 


bridge 


A device that expands a local area network by forwarding frames 
between data link layers associated with two separate physical media 
types, usually carrying acommon protocol. A bridge connects wireless 
devices to a wired network and allows connection of networks or 
subnetworks with similar architectures. 


broadcast 


A type of transmission in which a message sent from the host is received 
by many devices on the system. 


channel 


The path for transmitting data from a device to the host computer. A 
port may contain one or more logical channels. In 2.4 GHz RF networks, 
the channel refers to the frequency hopping sequence the radio follows. 
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data link tunneling 


A UAP encapsulates an Ethernet frame in a data frame and forwards the 
frame to the next UAP on the path to the final destination. Data link 
tunneling is used to make mobility transparent to the underlying 
network or to isolate the radio traffic from terminals on an Ethernet 
segment. Data link tunneling occurs automatically when Ethernet 
bridging is disabled on the root UAP. Ethernet bridging is automatically 
disabled on a secondary LAN if there is no designated bridge for the 
secondary LAN. A UAP that has Ethernet bridging disabled forwards a 
frame inbound on its Ethernet port using data link tunneling. The root 
UAP or a designated bridge for a secondary LAN uses data link tunneling 
to forward frames outbound to UAPs on the same Ethernet segment. 


designated bridge 


A UAP that is assigned the role of bridging frames destined for or 
received from a secondary LAN. A designated bridge, or secondary LAN 
bridge, connects a secondary LAN with the primary LAN. In the UAP, the 
secondary LAN bridge priority parameter determines if the UAP is a 
candidate to become the designated bridge. 


DHCP (Dynamic Host Configuration Protocol) 


An Internet standard stack protocol that allows dynamic distribution of 
IP address and other configuration information to IP hosts on anetwork. 
Implementation of the DHCP client in Allied Telesyn network devices 
simplifies installation because the devices automatically receive IP 
addresses from a DHCP server on the network. 


distribution LAN 
Any Ethernet LAN attached to UAPs that are bridging between the 
Ethernet LAN and the radio network. At any given time, only one UAP in 


a distribution LAN provides access to the Ethernet LAN for a given node 
in the domain. 


DIX 
A standardized Ethernet frame format developed by Digital Equipment 


Corporation, Intel Corporation, and Xerox. Another frame format is 
802.3. 
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flooding 


A frame is flooded when the destination location is unknown. The 
destination location of a multicast frame is never known. Unicast and 
multicast flooding parameters determine how a flooded frame is 
forwarded. 


home IP subnet 


The IP subnet that contains the wired primary LAN and any wireless 
extensions of the subnet. 


IGMP (Internet Group Management Protocol) 


IGMP isa protocol that allows the UAP to have more than eight IP 
tunnels. IGMP allows a UAP to participate in an IP multicast group 
without any special router configuration. 


inbound frames 
Frames moving toward the primary LAN. 
IP subnet 


A single member of the collection of hardware networks that composes 
an IP network. Host addresses on a given subnet share an IP network 
number with hosts on all other subnets of the IP network. The local 
address is divided into subnet-number and host-number fields to 
indicate which subnet a host is on. 


MAC address 


There are 2 types of MAC addresses: unicast and broadcast. Unicast 
specifies a single Ethernet interface, while multicast specifies a group of 
Ethernet addresses. Broadcast is a variation of multicast in which a 
multicast is received by all interfaces. 


MIB (Management Information Base) 


This repository stores network traffic information that SNMP 
management programs collect. Your network administrator can use 
management software interacting with the MIB to obtain information 
about network activity. Contact your local Allied Telesyn representative 
to learn how to obtain a copy of the MIB forthe UAP. 
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multicast address 


A form of broadcast address through which copies of the frame are 
delivered to a subset of all possible destinations that have acommon 
multicast address. 


non-bridging secondary LAN 


A secondary LAN that does not have a designated bridge. A non- 
bridging secondary LAN is used to interconnect UAPs without using 
wireless hops. 


outbound frames 


Frames moving away from the primary LAN. 


peer-to-peer network 


A type of LAN whose workstations are capable of being both clients and 
servers. 


point-to-point bridge 


A wireless link that connects two wired Ethernet segments. Two UAPs 
can be used to provide a point-to-point bridge between two buildings 
so that wired and wireless devices in each building can communicate 
with devices in the other building. 


primary bridging 


Ethernet bridging on a root port. A UAP uses primary bridging to bridge 
frames to and from the Ethernet network on its root port. Note that 
primary bridging is not the same as bridging to the primary LAN. 


primary LAN 


The Ethernet LAN attached to the UAP that is acting as the root. The 
primary LAN is typically the LAN on which the servers are located. 
Primary and secondary LANs are both distribution LANs. 


QFSK (Quad Frequency Shift Key) 


A broadcasting method that shortens the range but doubles the 
throughput as compared to the BFSK method. 


remote subnet 


An Ethernet segment other than the primary LAN. A remote subnet is a 
secondary LAN. 
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remote IP subnet 
A secondary LAN attached to the network through an IP tunnel. 
root 


The UAP with the highest root priority becomes the root of the network 
spanning tree. lf the root becomes inactive, the remaining root 
candidates negotiate to determine which UAP becomes the new root. 
The root can be used to set system-wide flooding and RF parameters. 
The root is also the only node in the network that can originate IP 
tunnels. 


root port 


The UAP port that provides the inbound connection to the spanning 
tree. The root port provides a link to a parent UAP. Note that a root UAP 
does not have a root port. 


root subnet 


The Ethernet segment to which the root UAP connects, also known as 
the primary LAN. 


router 


A software and hardware connection between two or more 
subnetworks that permits traffic to be routed from one network to 
another on the basis of the intended destinations. 


secondary bridging 


Ethernet bridging on anon-root port. A UAP that is the designated 
bridge for a secondary LAN uses secondary bridging to bridge frames to 
and from the secondary LAN on anon-root Ethernet port. 


secondary LAN 
Any Ethernet LAN that is not the primary LAN.A single UAP functions as 
the designated bridge for a secondary LAN. The designated bridge 


attaches the secondary LAN to the network through a radio link or an IP 
link. Primary and secondary LANs are both distribution LANs. 


SNAP 


A protocol extension typically used by Appletalk networks. 
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SNMP (Simple Network Management Protocol) 


SNMP is a popular network management protocol in the TCP/IP and 
SPX/IPX protocol suite. SNMP allows TCP/IP and SPX/IPX sites to 
exchange configuration and status information. It uses management 
programs called "agents" to monitor network traffic. SNMP stores the 
information it collects in the Management Information Base (MIB). Your 
network administrator can use management software interacting with 
the MIB to obtain information about network activity. 


spanning tree 


A form of network organization in which each device on the network has 
only one path to the root. The UAPs automatically configure into a self- 
organized network that provides efficient, loop-free forwarding of 
frames through the network. 


subnet 


A single member of the collection of hardware networks that compose 
an IP network. Host addresses on a given subnet share an IP network 
number with hosts on all other subnets of that IP network. 


triangular routing 


The routing logic used for a mobile IP end device that has roamed to a 
foreign network. Frames destined for a mobile end device are always 
sent to the home subnet of the end device. If the end device has roamed 
to another subnet, the frame must be forwarded to the remote subnet 
where the end device currently resides. 


UAP 
The UAP bridges frames between a wired Ethernet network and a 
wireless RF network. The UAP can also serve as a bridge between two RF 


networks. The AT-WL2411 features Radio Independent and Network 
Independent architecture. 


unicast address 

A unique Ethernet address assigned to a single device on the network. 
WAP 

A wireless network device that serves as a repeater. It transmits data 


between a UAP that is connected to the Ethernet network and end 
devices. 
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WEP 


Wired Equivalent Privacy, a feature that can be enabled in the IEEE 
802.11b HR radio that allows data encryption for wireless 
communications. 


wireless bridging 


A wireless link that connects two wired Ethernet segments. Two UAPs 
can be used to provide a point-to-point or wireless bridge between two 
buildings, so that wired and wireless devices in each building can 
communicate with devices in the other building. 


